diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index fd6f61dc0..110edf6cb 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -56,7 +56,7 @@ jobs: fetch-depth: 0 - name: Cache Go modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: | ~/go/pkg/mod diff --git a/.github/workflows/test-unit.yaml b/.github/workflows/test-unit.yaml index cbc2eb57d..c819cd1aa 100644 --- a/.github/workflows/test-unit.yaml +++ b/.github/workflows/test-unit.yaml @@ -31,7 +31,7 @@ jobs: fetch-depth: 0 - name: Cache Go modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: | ~/go/pkg/mod diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 9cb143d8b..beb87eec1 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -33,7 +33,7 @@ jobs: fetch-depth: 0 - name: Cache Go modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: | ~/go/pkg/mod @@ -73,7 +73,7 @@ jobs: fetch-depth: 0 - name: Cache Go modules - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: | ~/go/pkg/mod diff --git a/.golangci.yml b/.golangci.yml index 79d1c6ad0..43065313c 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -75,7 +75,6 @@ linters-settings: - github.com/mailgun/minheap - github.com/mailgun/multibuf - github.com/jaguilar/vt100 - - github.com/BurntSushi/toml linters: enable-all: true diff --git a/.goreleaser.yml b/.goreleaser.yml index 27bc16cd2..9194b4a1e 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -22,22 +22,23 @@ builds: - openbsd goarch: - amd64 - - 386 + - '386' - arm - arm64 - ppc64le - s390x goarm: - - 7 - - 6 - - 5 + - '7' + - '6' ignore: - goos: darwin - goarch: 386 + goarch: '386' - goos: openbsd goarch: arm - goos: openbsd goarch: arm64 + - goos: freebsd + goarch: arm - goos: freebsd goarch: arm64 - goos: windows diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c14767d8..03cf18a10 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
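Review bot: In the `.goreleaser.yml` hunk, the `goarm` list loses `5` and a new `ignore` entry drops `freebsd`/`arm`, but nothing in the file says why these release targets go away. Anyone running those builds stops getting release binaries, including later fixes, so the removal deserves a trace next to the lists, for example `# armv5 and freebsd/arm are no longer built; see <issue or PR reference>` above `goarm:`. The v2.9.4 changelog entry on this page does not mention the dropped targets either, so a line there may be worth adding if the removal is intentional.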
@@ -1,3 +1,29 @@
+## [v2.9.4](https://github.com/traefik/traefik/tree/v2.9.4) (2022-10-27)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.4)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.9.0 ([#9413](https://github.com/traefik/traefik/pull/9413) by [tony-defa](https://github.com/tony-defa))
+- **[kv,redis]** Fix Redis configuration type ([#9435](https://github.com/traefik/traefik/pull/9435) by [ldez](https://github.com/ldez))
+- **[logs,middleware,metrics]** Handle capture on redefined http.responseWriters ([#9440](https://github.com/traefik/traefik/pull/9440) by [rtribotte](https://github.com/rtribotte))
+- **[middleware,k8s]** Remove raw cert escape in PassTLSClientCert middleware ([#9412](https://github.com/traefik/traefik/pull/9412) by [rtribotte](https://github.com/rtribotte))
+- **[plugins]** Update Yaegi to v0.14.3 ([#9468](https://github.com/traefik/traefik/pull/9468) by [ldez](https://github.com/ldez))
+- Remove side effect on default transport tests ([#9460](https://github.com/traefik/traefik/pull/9460) by [sdelicata](https://github.com/sdelicata))
+
+**Documentation:**
+- **[k8s]** Fix links to gateway API guides ([#9445](https://github.com/traefik/traefik/pull/9445) by [kevinpollet](https://github.com/kevinpollet))
+- Simplify dashboard rule example ([#9454](https://github.com/traefik/traefik/pull/9454) by [sosoba](https://github.com/sosoba))
+- Add v2.9 to release page ([#9438](https://github.com/traefik/traefik/pull/9438) by [kevinpollet](https://github.com/kevinpollet))
+
+## [v2.9.3](https://github.com/traefik/traefik/tree/v2.9.3) (2022-10-27)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.3)
+
+Release canceled.
+
+## [v2.9.2](https://github.com/traefik/traefik/tree/v2.9.2) (2022-10-27)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.2)
+
+Release canceled.
+ ## [v2.9.1](https://github.com/traefik/traefik/tree/v2.9.1) (2022-10-03) [All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc1...v2.9.1) diff --git a/Makefile b/Makefile index c04dc40e7..0c957b003 100644 --- a/Makefile +++ b/Makefile @@ -189,7 +189,7 @@ generate-genconf: .PHONY: release-packages release-packages: generate-webui build-dev-image rm -rf dist - $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish --timeout="90m" + $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish -p 4 --timeout="90m" $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \ --exclude-vcs \ --exclude .idea \ diff --git a/cmd/traefik/traefik.go b/cmd/traefik/traefik.go index a8216d48b..db4148e5a 100644 --- a/cmd/traefik/traefik.go +++ b/cmd/traefik/traefik.go @@ -32,7 +32,6 @@ import ( "github.com/traefik/traefik/v2/pkg/log" "github.com/traefik/traefik/v2/pkg/metrics" "github.com/traefik/traefik/v2/pkg/middlewares/accesslog" - "github.com/traefik/traefik/v2/pkg/middlewares/capture" "github.com/traefik/traefik/v2/pkg/provider/acme" "github.com/traefik/traefik/v2/pkg/provider/aggregator" "github.com/traefik/traefik/v2/pkg/provider/hub" @@ -287,9 +286,8 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err accessLog := setupAccessLog(staticConfiguration.AccessLog) tracer := setupTracing(staticConfiguration.Tracing) - captureMiddleware := setupCapture(staticConfiguration) - chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer, captureMiddleware) + chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer) routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder, metricsRegistry) // Watcher 
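Review bot: In `setupServer` (cmd/traefik/traefik.go), `middleware.NewChainBuilder(metricsRegistry, accessLog, tracer)` no longer receives a capture handler, and the call site gives no hint of where response capture now happens. The removed `setupCapture` (next hunk) created that handler only when access logs or metrics were configured, so both features appear to depend on it, and a gap in what they record is easy to miss in the output operators audit and alert on. Presumably the handlers now wrap the `http.ResponseWriter` themselves (the #9440 changelog entry on this page suggests so), but that cannot be confirmed from this hunk. A comment above the call would record the contract, e.g. `// Response capture is set up by the access-log and metrics handlers themselves, not by the chain builder.`, ideally backed by a test covering the case where only one of the two is enabled. The body of `setupServer` starts and ends outside the hunk.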
@@ -638,13 +636,6 @@ func setupTracing(conf *static.Tracing) *tracing.Tracing { return tracer } -func setupCapture(staticConfiguration *static.Configuration) *capture.Handler { - if staticConfiguration.AccessLog == nil && staticConfiguration.Metrics == nil { - return nil - } - return &capture.Handler{} -} - func configureLogging(staticConfiguration *static.Configuration) { // configure default log flags stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags) diff --git a/docs/content/assets/img/middleware/ipwhitelist.png b/docs/content/assets/img/middleware/ipwhitelist.png deleted file mode 100644 index 8c6b0c97a..000000000 Binary files a/docs/content/assets/img/middleware/ipwhitelist.png and /dev/null differ diff --git a/docs/content/middlewares/http/chain.md b/docs/content/middlewares/http/chain.md index 3fc06d26b..f9768adfb 100644 --- a/docs/content/middlewares/http/chain.md +++ b/docs/content/middlewares/http/chain.md @@ -15,7 +15,7 @@ It makes reusing the same groups easier. ## Configuration Example -Below is an example of a Chain containing `WhiteList`, `BasicAuth`, and `RedirectScheme`. +Below is an example of a Chain containing `AllowList`, `BasicAuth`, and `RedirectScheme`. ```yaml tab="Docker" labels: @@ -25,7 +25,7 @@ labels: - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" + - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.services.service1.loadbalancer.server.port=80" ``` @@ -80,7 +80,7 @@ kind: Middleware metadata: name: known-ips spec: - ipWhiteList: + ipAllowList: sourceRange: - 192.168.1.7 - 127.0.0.1/32 
@@ -93,7 +93,7 @@ spec: - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https" -- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" +- "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.services.service1.loadbalancer.server.port=80" ``` @@ -105,7 +105,7 @@ spec: "traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users", "traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "traefik.http.middlewares.https-only.redirectscheme.scheme": "https", - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32", + "traefik.http.middlewares.known-ips.ipallowlist.sourceRange": "192.168.1.7,127.0.0.1/32", "traefik.http.services.service1.loadbalancer.server.port": "80" } ``` @@ -118,7 +118,7 @@ labels: - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" + - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.services.service1.loadbalancer.server.port=80" ``` @@ -150,7 +150,7 @@ http: scheme: https known-ips: - ipWhiteList: + ipAllowList: sourceRange: - "192.168.1.7" - "127.0.0.1/32" @@ -180,7 +180,7 @@ http: [http.middlewares.https-only.redirectScheme] scheme = "https" - [http.middlewares.known-ips.ipWhiteList] + [http.middlewares.known-ips.ipAllowList] sourceRange = ["192.168.1.7", "127.0.0.1/32"] [http.services] 
diff --git a/docs/content/middlewares/http/grpcweb.md b/docs/content/middlewares/http/grpcweb.md
new file mode 100644
index 000000000..d6d2c9a6b
--- /dev/null
+++ b/docs/content/middlewares/http/grpcweb.md
@@ -0,0 +1,77 @@
+---
+title: "Traefik GrpcWeb Documentation"
+description: "In Traefik Proxy's HTTP middleware, GrpcWeb converts a gRPC Web requests to HTTP/2 gRPC requests. Read the technical documentation."
+---
+
+# GrpcWeb
+
+Converting gRPC Web requests to HTTP/2 gRPC requests.
+{: .subtitle }
+
+The GrpcWeb middleware converts gRPC Web requests to HTTP/2 gRPC requests before forwarding them to the backends.
+
+!!! tip
+
+ Please note, that Traefik needs to communicate using gRPC with the backends (h2c or HTTP/2 over TLS).
+ Check out the [gRPC](../../user-guides/grpc.md) user guide for more details.
+
+## Configuration Examples
+
+```yaml tab="Docker"
+labels:
+ - "traefik.http.middlewares.test-grpcweb.grpcweb.allowOrigins=*"
+```
+
+```yaml tab="Kubernetes"
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: test-grpcweb
+spec:
+ grpcWeb:
+ allowOrigins:
+ - "*"
+```
+
+```yaml tab="Consul Catalog"
+- "traefik.http.middlewares.test-grpcweb.grpcWeb.allowOrigins=*"
+```
+
+```json tab="Marathon"
+"labels": {
+ "traefik.http.middlewares.test-grpcweb.grpcweb.alloworigins": "*"
+}
+```
+
+```yaml tab="Rancher"
+labels:
+ - "traefik.http.middlewares.test-grpcweb.grpcweb.alloworigins=*"
+```
+
+```yaml tab="File (YAML)"
+http:
+ middlewares:
+ test-grpcweb:
+ grpcWeb:
+ allowOrigins:
+ - "*"
+```
+
+```toml tab="File (TOML)"
+[http.middlewares]
+ [http.middlewares.test-grpcweb.grpcWeb]
+ allowOrigins = ["*"]
+```
+
+## Configuration Options
+
+### `allowOrigins`
+
+The `allowOrigins` contains the list of allowed origins.
+A wildcard origin `*` can also be configured to match all requests.
+
+More information including how to use the settings can be found at:
+
+- [Mozilla.org](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin)
+- [w3](https://fetch.spec.whatwg.org/#http-access-control-allow-origin)
+- [IETF](https://tools.ietf.org/html/rfc6454#section-7.1)
diff --git a/docs/content/middlewares/http/ipwhitelist.md b/docs/content/middlewares/http/ipallowlist.md similarity index 68% rename from docs/content/middlewares/http/ipwhitelist.md rename to docs/content/middlewares/http/ipallowlist.md index 3817b54d5..56450d736 100644 --- a/docs/content/middlewares/http/ipwhitelist.md +++ b/docs/content/middlewares/http/ipallowlist.md @@ -1,32 +1,30 @@ --- -title: "Traefik HTTP Middlewares IPWhiteList" -description: "Learn how to use IPWhiteList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." +title: "Traefik HTTP Middlewares IPAllowList" +description: "Learn how to use IPAllowList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." --- -# IPWhiteList +# IPAllowList Limiting Clients to Specific IPs {: .subtitle } -![IpWhiteList](../../assets/img/middleware/ipwhitelist.png) - -IPWhitelist accepts / refuses requests based on the client IP. +IPAllowList accepts / refuses requests based on the client IP. ## Configuration Examples ```yaml tab="Docker" # Accepts request from defined IP labels: - - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" ``` ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: - name: test-ipwhitelist + name: test-ipallowlist spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 - 192.168.1.7 
@@ -34,27 +32,27 @@ spec: ```yaml tab="Consul Catalog" # Accepts request from defined IP -- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" +- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" ``` ```json tab="Marathon" "labels": { - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7" + "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7" } ``` ```yaml tab="Rancher" # Accepts request from defined IP labels: - - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" ``` ```yaml tab="File (YAML)" # Accepts request from defined IP http: middlewares: - test-ipwhitelist: - ipWhiteList: + test-ipallowlist: + ipAllowList: sourceRange: - "127.0.0.1/32" - "192.168.1.7" @@ -63,7 +61,7 @@ http: ```toml tab="File (TOML)" # Accepts request from defined IP [http.middlewares] - [http.middlewares.test-ipwhitelist.ipWhiteList] + [http.middlewares.test-ipallowlist.ipAllowList] sourceRange = ["127.0.0.1/32", "192.168.1.7"] ``` @@ -86,7 +84,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th !!! example "Examples of Depth & X-Forwarded-For" - If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`). + If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`). | `X-Forwarded-For` | `depth` | clientIP | |-----------------------------------------|---------|--------------| 
@@ -95,20 +93,20 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` | ```yaml tab="Docker" -# Whitelisting Based on `X-Forwarded-For` with `depth=2` +# Allowlisting Based on `X-Forwarded-For` with `depth=2` labels: - - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" + - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2" ``` ```yaml tab="Kubernetes" -# Whitelisting Based on `X-Forwarded-For` with `depth=2` +# Allowlisting Based on `X-Forwarded-For` with `depth=2` apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: - name: test-ipwhitelist + name: test-ipallowlist spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 - 192.168.1.7 
@@ -117,31 +115,31 @@ spec: ``` ```yaml tab="Consul Catalog" -# Whitelisting Based on `X-Forwarded-For` with `depth=2` -- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" -- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" +# Allowlisting Based on `X-Forwarded-For` with `depth=2` +- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" +- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2" ``` ```json tab="Marathon" "labels": { - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7", - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth": "2" + "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7", + "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2" } ``` ```yaml tab="Rancher" -# Whitelisting Based on `X-Forwarded-For` with `depth=2` +# Allowlisting Based on `X-Forwarded-For` with `depth=2` labels: - - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" + - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2" ``` ```yaml tab="File (YAML)" -# Whitelisting Based on `X-Forwarded-For` with `depth=2` +# Allowlisting Based on `X-Forwarded-For` with `depth=2` http: middlewares: - test-ipwhitelist: - ipWhiteList: + test-ipallowlist: + ipAllowList: sourceRange: - "127.0.0.1/32" - "192.168.1.7" 
@@ -150,11 +148,11 @@ http: ``` ```toml tab="File (TOML)" -# Whitelisting Based on `X-Forwarded-For` with `depth=2` +# Allowlisting Based on `X-Forwarded-For` with `depth=2` [http.middlewares] - [http.middlewares.test-ipwhitelist.ipWhiteList] + [http.middlewares.test-ipallowlist.ipAllowList] sourceRange = ["127.0.0.1/32", "192.168.1.7"] - [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] + [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy] depth = 2 ``` @@ -177,7 +175,7 @@ http: ```yaml tab="Docker" # Exclude from `X-Forwarded-For` labels: - - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" ``` ```yaml tab="Kubernetes" @@ -185,9 +183,9 @@ labels: apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: - name: test-ipwhitelist + name: test-ipallowlist spec: - ipWhiteList: + ipAllowList: ipStrategy: excludedIPs: - 127.0.0.1/32 
@@ -196,27 +194,27 @@ spec: ```yaml tab="Consul Catalog" # Exclude from `X-Forwarded-For` -- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" +- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" ``` ```json tab="Marathon" "labels": { - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" + "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" } ``` ```yaml tab="Rancher" # Exclude from `X-Forwarded-For` labels: - - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" ``` ```yaml tab="File (YAML)" # Exclude from `X-Forwarded-For` http: middlewares: - test-ipwhitelist: - ipWhiteList: + test-ipallowlist: + ipAllowList: ipStrategy: excludedIPs: - "127.0.0.1/32" @@ -226,7 +224,7 @@ http: ```toml tab="File (TOML)" # Exclude from `X-Forwarded-For` [http.middlewares] - [http.middlewares.test-ipwhitelist.ipWhiteList] - [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] + [http.middlewares.test-ipallowlist.ipAllowList] + [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy] excludedIPs = ["127.0.0.1/32", "192.168.1.7"] ``` diff --git a/docs/content/middlewares/http/overview.md b/docs/content/middlewares/http/overview.md index 07096315e..c4a9f9791 100644 --- a/docs/content/middlewares/http/overview.md +++ b/docs/content/middlewares/http/overview.md 
@@ -142,7 +142,7 @@ http: | [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle | | [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication | | [Headers](headers.md) | Adds / Updates headers | Security | -| [IPWhiteList](ipwhitelist.md) | Limits the allowed client IPs | Security, Request lifecycle | +| [IPAllowList](ipallowlist.md) | Limits the allowed client IPs | Security, Request lifecycle | | [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle | | [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security | | [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle | diff --git a/docs/content/middlewares/tcp/ipwhitelist.md b/docs/content/middlewares/tcp/ipallowlist.md similarity index 66% rename from docs/content/middlewares/tcp/ipwhitelist.md rename to docs/content/middlewares/tcp/ipallowlist.md index 857d72bc7..2cc51fd57 100644 --- a/docs/content/middlewares/tcp/ipwhitelist.md +++ b/docs/content/middlewares/tcp/ipallowlist.md 
@@ -1,30 +1,30 @@ --- -title: "Traefik TCP Middlewares IPWhiteList" -description: "Learn how to use IPWhiteList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." +title: "Traefik TCP Middlewares IPAllowList" +description: "Learn how to use IPAllowList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." --- -# IPWhiteList +# IPAllowList Limiting Clients to Specific IPs {: .subtitle } -IPWhitelist accepts / refuses connections based on the client IP. +IPAllowList accepts / refuses connections based on the client IP. ## Configuration Examples ```yaml tab="Docker" # Accepts connections from defined IP labels: - - "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" + - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" ``` ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: test-ipwhitelist + name: test-ipallowlist spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 - 192.168.1.7 
@@ -32,25 +32,25 @@ spec: ```yaml tab="Consul Catalog" # Accepts request from defined IP -- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" +- "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" ``` ```json tab="Marathon" "labels": { - "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7" + "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7" } ``` ```yaml tab="Rancher" # Accepts request from defined IP labels: - - "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" + - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" ``` ```toml tab="File (TOML)" # Accepts request from defined IP [tcp.middlewares] - [tcp.middlewares.test-ipwhitelist.ipWhiteList] + [tcp.middlewares.test-ipallowlist.ipAllowList] sourceRange = ["127.0.0.1/32", "192.168.1.7"] ``` @@ -58,8 +58,8 @@ labels: # Accepts request from defined IP tcp: middlewares: - test-ipwhitelist: - ipWhiteList: + test-ipallowlist: + ipAllowList: sourceRange: - "127.0.0.1/32" - "192.168.1.7" diff --git a/docs/content/middlewares/tcp/overview.md b/docs/content/middlewares/tcp/overview.md index 682dbe0f0..cc1302530 100644 --- a/docs/content/middlewares/tcp/overview.md +++ b/docs/content/middlewares/tcp/overview.md 
@@ -18,10 +18,10 @@ whoami: # A container that exposes an API to show its IP address image: traefik/whoami labels: - # Create a middleware named `foo-ip-whitelist` - - "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - # Apply the middleware named `foo-ip-whitelist` to the router named `router1` - - "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@docker" + # Create a middleware named `foo-ip-allowlist` + - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" + # Apply the middleware named `foo-ip-allowlist` to the router named `router1` + - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@docker" ``` ```yaml tab="Kubernetes IngressRoute" @@ -43,9 +43,9 @@ spec: apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: foo-ip-whitelist + name: foo-ip-allowlist spec: - ipWhiteList: + ipAllowList: sourcerange: - 127.0.0.1/32 - 192.168.1.7 
@@ -60,30 +60,30 @@ spec: routes: # more fields... middlewares: - - name: foo-ip-whitelist + - name: foo-ip-allowlist ``` ```yaml tab="Consul Catalog" -# Create a middleware named `foo-ip-whitelist` -- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" -# Apply the middleware named `foo-ip-whitelist` to the router named `router1` -- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@consulcatalog" +# Create a middleware named `foo-ip-allowlist` +- "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" +# Apply the middleware named `foo-ip-allowlist` to the router named `router1` +- "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@consulcatalog" ``` ```json tab="Marathon" "labels": { - "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7", - "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@marathon" + "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7", + "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@marathon" } ``` ```yaml tab="Rancher" # As a Rancher Label labels: - # Create a middleware named `foo-ip-whitelist` - - "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - # Apply the middleware named `foo-ip-whitelist` to the router named `router1` - - "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@rancher" + # Create a middleware named `foo-ip-allowlist` + - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" + # Apply the middleware named `foo-ip-allowlist` to the router named `router1` + - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@rancher" ``` ```toml tab="File (TOML)" 
@@ -91,11 +91,11 @@ labels: [tcp.routers] [tcp.routers.router1] service = "myService" - middlewares = ["foo-ip-whitelist"] + middlewares = ["foo-ip-allowlist"] rule = "Host(`example.com`)" [tcp.middlewares] - [tcp.middlewares.foo-ip-whitelist.ipWhiteList] + [tcp.middlewares.foo-ip-allowlist.ipAllowList] sourceRange = ["127.0.0.1/32", "192.168.1.7"] [tcp.services] @@ -114,12 +114,12 @@ tcp: router1: service: myService middlewares: - - "foo-ip-whitelist" + - "foo-ip-allowlist" rule: "Host(`example.com`)" middlewares: - foo-ip-whitelist: - ipWhiteList: + foo-ip-allowlist: + ipAllowList: sourceRange: - "127.0.0.1/32" - "192.168.1.7" @@ -137,4 +137,4 @@ tcp: | Middleware | Purpose | Area | |-------------------------------------------|---------------------------------------------------|-----------------------------| | [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle | -| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs. | Security, Request lifecycle | +| [IPAllowList](ipallowlist.md) | Limit the allowed client IPs. | Security, Request lifecycle | diff --git a/docs/content/migration/v2-to-v3.md b/docs/content/migration/v2-to-v3.md new file mode 100644 index 000000000..2af1d8561 --- /dev/null +++ b/docs/content/migration/v2-to-v3.md 
@@ -0,0 +1,18 @@ +--- +title: "Traefik V3 Migration Documentation" +description: "Migrate from Traefik Proxy v2 to v3 and update all the necessary configurations to take advantage of all the improvements. Read the technical documentation." +--- + +# Migration Guide: From v2 to v3 + +How to Migrate from Traefik v2 to Traefik v3. +{: .subtitle } + +The version 3 of Traefik introduces a number of breaking changes, +which require one to update their configuration when they migrate from v2 to v3. +The goal of this page is to recapitulate all of these changes, and in particular to give examples, +feature by feature, of how the configuration looked like in v2, and how it now looks like in v3. + +## IPWhiteList + +In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration. diff --git a/docs/content/operations/dashboard.md b/docs/content/operations/dashboard.md index af1ce1058..61e17e742 100644 --- a/docs/content/operations/dashboard.md +++ b/docs/content/operations/dashboard.md @@ -72,7 +72,7 @@ to allow defining: - One or more security features through [middlewares](../middlewares/overview.md) like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md), - [forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md). + [forwardAuth](../middlewares/http/forwardauth.md)) or [allowlisting](../middlewares/http/ipallowlist.md). - A [router rule](#dashboard-router-rule) for accessing the dashboard, through Traefik itself (sometimes referred as "Traefik-ception"). 
@@ -93,12 +93,12 @@ rule = "Host(`traefik.example.com`)" ```bash tab="Path Prefix Rule" # The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/ -rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)" +rule = "PathPrefix(`/api`, `/dashboard`)" ``` ```bash tab="Combination of Rules" # The dashboard can be accessed on http://traefik.example.com/dashboard/ -rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" +rule = "Host(`traefik.example.com`) && PathPrefix(`/api`, `/dashboard`)" ``` ??? example "Dashboard Dynamic Configuration Examples" diff --git a/docs/content/providers/file.md b/docs/content/providers/file.md index 8abce45d6..2ac4ee1e5 100644 --- a/docs/content/providers/file.md +++ b/docs/content/providers/file.md @@ -18,7 +18,7 @@ It supports providing configuration through a [single configuration file](#filen !!! tip - The file provider can be a good solution for reusing common elements from other providers (e.g. declaring whitelist middlewares, basic authentication, ...) + The file provider can be a good solution for reusing common elements from other providers (e.g. declaring allowlist middlewares, basic authentication, ...) ## Configuration Examples diff --git a/docs/content/reference/dynamic-configuration/docker-labels.yml b/docs/content/reference/dynamic-configuration/docker-labels.yml index f4ddee380..3c91d6f7d 100644 --- a/docs/content/reference/dynamic-configuration/docker-labels.yml +++ b/docs/content/reference/dynamic-configuration/docker-labels.yml 
@@ -71,9 +71,9 @@ - "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true" - "traefik.http.middlewares.middleware10.headers.stspreload=true" - "traefik.http.middlewares.middleware10.headers.stsseconds=42" -- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42" -- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar" -- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar" +- "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth=42" +- "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips=foobar, foobar" +- "traefik.http.middlewares.middleware11.ipallowlist.sourcerange=foobar, foobar" - "traefik.http.middlewares.middleware12.inflightreq.amount=42" - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42" - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar" @@ -121,6 +121,7 @@ - "traefik.http.middlewares.middleware21.stripprefix.forceslash=true" - "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar" - "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar" +- "traefik.http.middlewares.middleware23.grpcweb.alloworigins=foobar, foobar" - "traefik.http.routers.router0.entrypoints=foobar, foobar" - "traefik.http.routers.router0.middlewares=foobar, foobar" - "traefik.http.routers.router0.priority=42" 
@@ -166,7 +167,7 @@ - "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true" - "traefik.http.services.service01.loadbalancer.server.port=foobar" - "traefik.http.services.service01.loadbalancer.server.scheme=foobar" -- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar" +- "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange=foobar, foobar" - "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42" - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar" - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar" diff --git a/docs/content/reference/dynamic-configuration/file.toml b/docs/content/reference/dynamic-configuration/file.toml index c197e75cb..649431ffc 100644 --- a/docs/content/reference/dynamic-configuration/file.toml +++ b/docs/content/reference/dynamic-configuration/file.toml @@ -203,9 +203,9 @@ name0 = "foobar" name1 = "foobar" [http.middlewares.Middleware11] - [http.middlewares.Middleware11.ipWhiteList] + [http.middlewares.Middleware11.ipAllowList] sourceRange = ["foobar", "foobar"] - [http.middlewares.Middleware11.ipWhiteList.ipStrategy] + [http.middlewares.Middleware11.ipAllowList.ipStrategy] depth = 42 excludedIPs = ["foobar", "foobar"] [http.middlewares.Middleware12] @@ -285,6 +285,9 @@ [http.middlewares.Middleware22] [http.middlewares.Middleware22.stripPrefixRegex] regex = ["foobar", "foobar"] + [http.middlewares.Middleware23] + [http.middlewares.Middleware23.grpcWeb] + allowOrigins = ["foobar", "foobar"] [http.serversTransports] [http.serversTransports.ServersTransport0] serverName = "foobar" @@ -402,7 +405,7 @@ weight = 42 [tcp.middlewares] [tcp.middlewares.TCPMiddleware00] - [tcp.middlewares.TCPMiddleware00.ipWhiteList] + [tcp.middlewares.TCPMiddleware00.ipAllowList] sourceRange = ["foobar", "foobar"] [tcp.middlewares.TCPMiddleware01] [tcp.middlewares.TCPMiddleware01.inFlightConn] 
diff --git a/docs/content/reference/dynamic-configuration/file.yaml b/docs/content/reference/dynamic-configuration/file.yaml index fc446ec0f..7b153bb28 100644 --- a/docs/content/reference/dynamic-configuration/file.yaml +++ b/docs/content/reference/dynamic-configuration/file.yaml @@ -230,7 +230,7 @@ http: permissionsPolicy: foobar isDevelopment: true Middleware11: - ipWhiteList: + ipAllowList: sourceRange: - foobar - foobar @@ -324,6 +324,11 @@ http: regex: - foobar - foobar + Middleware23: + grpcWeb: + allowOrigins: + - foobar + - foobar serversTransports: ServersTransport0: serverName: foobar @@ -443,7 +448,7 @@ tcp: weight: 42 middlewares: TCPMiddleware00: - ipWhiteList: + ipAllowList: sourceRange: - foobar - foobar diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index 391c23a2c..d7ca0f5da 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -967,6 +967,17 @@ spec: forward) all X-Forwarded-* headers.' type: boolean type: object + grpcWeb: + description: GrpcWeb holds the gRPC web middleware configuration. + This middleware converts a gRPC web request to an HTTP/2 gRPC request. + properties: + allowOrigins: + description: AllowOrigins is a list of allowable origins. Can + also be a wildcard origin "*". + items: + type: string + type: array + type: object headers: description: 'Headers holds the headers middleware configuration. This middleware manages the requests and responses headers. More 
@@ -1149,7 +1160,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1174,14 +1185,14 @@ spec: type: boolean type: object type: object - ipWhiteList: - description: 'IPWhiteList holds the IP whitelist middleware configuration. + ipAllowList: + description: 'IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/' properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1345,7 +1356,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For 
@@ -1541,8 +1552,8 @@ spec: format: int64 type: integer type: object - ipWhiteList: - description: IPWhiteList defines the IPWhiteList middleware configuration. + ipAllowList: + description: IPAllowList defines the IPAllowList middleware configuration. properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml index d86a2dd67..9a3d40e1c 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml @@ -148,7 +148,7 @@ spec: - name: whoamitcp port: 8080 middlewares: - - name: ipwhitelist + - name: ipallowlist tls: secretName: foosecret passthrough: false diff --git a/docs/content/reference/dynamic-configuration/kv-ref.md b/docs/content/reference/dynamic-configuration/kv-ref.md index d83a15476..5457dfafa 100644 --- a/docs/content/reference/dynamic-configuration/kv-ref.md +++ b/docs/content/reference/dynamic-configuration/kv-ref.md 
@@ -84,11 +84,11 @@ | `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` | -| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/depth` | `42` | -| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` | -| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` | -| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/0` | `foobar` | -| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/1` | `foobar` | +| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/depth` | `42` | +| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` | +| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` | +| `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/0` | `foobar` | +| `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/1` | `foobar` | | `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` | | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` | | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` | @@ -140,6 +140,8 @@ | `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` | | `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` | | `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/1` | `foobar` | +| `traefik/http/middlewares/Middleware23/grpcWeb/allowOrigins/0` | `foobar` | +| `traefik/http/middlewares/Middleware23/grpcWeb/allowOrigins/1` | `foobar` | | `traefik/http/routers/Router0/entryPoints/0` | `foobar` | | `traefik/http/routers/Router0/entryPoints/1` | `foobar` | | `traefik/http/routers/Router0/middlewares/0` | `foobar` | 
@@ -247,8 +249,8 @@ | `traefik/http/services/Service04/failover/fallback` | `foobar` | | `traefik/http/services/Service04/failover/healthCheck` | `` | | `traefik/http/services/Service04/failover/service` | `foobar` | -| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` | -| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` | +| `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/0` | `foobar` | +| `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/1` | `foobar` | | `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` | | `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` | | `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` | diff --git a/docs/content/reference/dynamic-configuration/marathon-labels.json b/docs/content/reference/dynamic-configuration/marathon-labels.json index 7966f27f7..fbadce690 100644 --- a/docs/content/reference/dynamic-configuration/marathon-labels.json +++ b/docs/content/reference/dynamic-configuration/marathon-labels.json 
@@ -71,9 +71,9 @@ "traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true", "traefik.http.middlewares.middleware10.headers.stspreload": "true", "traefik.http.middlewares.middleware10.headers.stsseconds": "42", -"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth": "42", -"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips": "foobar, foobar", -"traefik.http.middlewares.middleware11.ipwhitelist.sourcerange": "foobar, foobar", +"traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth": "42", +"traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips": "foobar, foobar", +"traefik.http.middlewares.middleware11.ipallowlist.sourcerange": "foobar, foobar", "traefik.http.middlewares.middleware12.inflightreq.amount": "42", "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42", "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar", @@ -121,6 +121,7 @@ "traefik.http.middlewares.middleware21.stripprefix.forceslash": "true", "traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar", "traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar", +"traefik.http.middlewares.middleware23.grpcweb.alloworigins": "foobar, foobar", "traefik.http.routers.router0.entrypoints": "foobar, foobar", "traefik.http.routers.router0.middlewares": "foobar, foobar", "traefik.http.routers.router0.priority": "42", 
@@ -166,7 +167,7 @@ "traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true", "traefik.http.services.service01.loadbalancer.server.port": "foobar", "traefik.http.services.service01.loadbalancer.server.scheme": "foobar", -"traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange": "foobar, foobar", +"traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange": "foobar, foobar", "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42", "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar", "traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar", diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml index d7bd0b82c..1fe2e7f63 100644 --- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml @@ -390,6 +390,17 @@ spec: forward) all X-Forwarded-* headers.' type: boolean type: object + grpcWeb: + description: GrpcWeb holds the gRPC web middleware configuration. + This middleware converts a gRPC web request to an HTTP/2 gRPC request. + properties: + allowOrigins: + description: AllowOrigins is a list of allowable origins. Can + also be a wildcard origin "*". + items: + type: string + type: array + type: object headers: description: 'Headers holds the headers middleware configuration. This middleware manages the requests and responses headers. More 
@@ -572,7 +583,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -597,14 +608,14 @@ spec: type: boolean type: object type: object - ipWhiteList: - description: 'IPWhiteList holds the IP whitelist middleware configuration. + ipAllowList: + description: 'IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/' properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -768,7 +779,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For 
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml index 1f6eec940..78a449562 100644 --- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml @@ -47,8 +47,8 @@ spec: format: int64 type: integer type: object - ipWhiteList: - description: IPWhiteList defines the IPWhiteList middleware configuration. + ipAllowList: + description: IPAllowList defines the IPAllowList middleware configuration. properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of diff --git a/docs/content/routing/providers/kubernetes-crd.md b/docs/content/routing/providers/kubernetes-crd.md index 2fb474dda..f342fc87f 100644 --- a/docs/content/routing/providers/kubernetes-crd.md +++ b/docs/content/routing/providers/kubernetes-crd.md @@ -1287,9 +1287,9 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 - 192.168.1.7 @@ -1305,13 +1305,13 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern entryPoints: - web routes: - - match: Host(`example.com`) && PathPrefix(`/whitelist`) + - match: Host(`example.com`) && PathPrefix(`/allowlist`) kind: Rule services: - name: whoami port: 80 middlewares: - - name: ipwhitelist + - name: ipallowlist namespace: foo ``` diff --git a/docs/content/routing/routers/index.md b/docs/content/routing/routers/index.md index 446857266..00bd82375 100644 --- a/docs/content/routing/routers/index.md +++ b/docs/content/routing/routers/index.md 
@@ -986,7 +986,7 @@ The middlewares will take effect only if the rule matches, and before connecting [tcp.routers.my-router] rule = "HostSNI(`*`)" # declared elsewhere - middlewares = ["ipwhitelist"] + middlewares = ["ipallowlist"] service = "service-foo" ``` @@ -998,7 +998,7 @@ The middlewares will take effect only if the rule matches, and before connecting rule: "HostSNI(`*`)" # declared elsewhere middlewares: - - ipwhitelist + - ipallowlist service: service-foo ``` diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 549fa367c..8090daa7a 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -125,8 +125,9 @@ nav: - 'DigestAuth': 'middlewares/http/digestauth.md' - 'Errors': 'middlewares/http/errorpages.md' - 'ForwardAuth': 'middlewares/http/forwardauth.md' + - 'GrpcWeb': 'middlewares/http/grpcweb.md' - 'Headers': 'middlewares/http/headers.md' - - 'IpWhitelist': 'middlewares/http/ipwhitelist.md' + - 'IpAllowList': 'middlewares/http/ipallowlist.md' - 'InFlightReq': 'middlewares/http/inflightreq.md' - 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md' - 'RateLimit': 'middlewares/http/ratelimit.md' @@ -140,7 +141,7 @@ nav: - 'TCP': - 'Overview': 'middlewares/tcp/overview.md' - 'InFlightConn': 'middlewares/tcp/inflightconn.md' - - 'IpWhitelist': 'middlewares/tcp/ipwhitelist.md' + - 'IpAllowList': 'middlewares/tcp/ipallowlist.md' - 'Traefik Hub': 'traefik-hub/index.md' - 'Plugins & Plugin Catalog': 'plugins/index.md' - 'Operations': @@ -177,6 +178,7 @@ nav: - 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md' - 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md' - 'Migration': + - 'Traefik v2 to v3': 'migration/v2-to-v3.md' - 'Traefik v2 minor migrations': 'migration/v2.md' - 'Traefik v1 to v2': 'migration/v1-to-v2.md' - 'Contributing': diff --git a/go.mod b/go.mod index 12dcf613c..a28670c0c 100644 --- a/go.mod +++ b/go.mod 
@@ -3,7 +3,7 @@ module github.com/traefik/traefik/v2 go 1.19 require ( - github.com/BurntSushi/toml v1.2.0 + github.com/BurntSushi/toml v1.2.1 github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61 github.com/Masterminds/sprig/v3 v3.2.2 github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000 @@ -32,6 +32,7 @@ require ( github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-version v1.6.0 github.com/hashicorp/nomad/api v0.0.0-20220506174431-b5665129cd1f + github.com/improbable-eng/grpc-web v0.15.0 github.com/influxdata/influxdb-client-go/v2 v2.7.0 github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d github.com/instana/go-sensor v1.38.3 @@ -62,7 +63,7 @@ require ( github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 github.com/traefik/paerser v0.1.9 - github.com/traefik/yaegi v0.14.2 + github.com/traefik/yaegi v0.14.3 github.com/uber/jaeger-client-go v2.30.0+incompatible github.com/uber/jaeger-lib v2.2.0+incompatible github.com/unrolled/render v1.0.2 @@ -143,6 +144,7 @@ require ( github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cpu/goacmedns v0.1.1 // indirect github.com/deepmap/oapi-codegen v1.9.1 // indirect + github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect github.com/dgraph-io/ristretto v0.1.0 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/dimchansky/utfbom v1.1.1 // indirect 
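Review bot: The new direct requirement `github.com/improbable-eng/grpc-web v0.15.0` (hunk `-32,6 +32,7`) widens the dependency surface of a binary that handles untrusted HTTP traffic, and nothing in go.mod records why it is there or that its transitive modules were reviewed. It appears to back the grpcWeb middleware documented elsewhere in this commit. The later go.mod hunks show it arriving with `github.com/desertbit/timer` (a pseudo-version of a 2018 commit), `github.com/rs/cors v1.7.0` and `nhooyr.io/websocket v1.8.7` as indirect requirements. I would check these pinned versions against published advisories before merging, for example with `govulncheck ./...`, and add a short comment on the require line such as `// grpc-web: used by the grpcWeb middleware; pulls in rs/cors and nhooyr.io/websocket`. Whether the wrapper's websocket and CORS code paths are reachable from the middleware cannot be told from this diff, so that is worth confirming in the Go changes.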
@@ -190,7 +192,7 @@ require ( github.com/gophercloud/gophercloud v1.0.0 // indirect github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae // indirect github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf // indirect - github.com/grpc-ecosystem/go-grpc-middleware v1.2.0 // indirect + github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 // indirect github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect github.com/hashicorp/consul/sdk v0.10.0 // indirect github.com/hashicorp/cronexpr v1.1.1 // indirect @@ -281,6 +283,7 @@ require ( github.com/pquerna/otp v1.3.0 // indirect github.com/prometheus/common v0.35.0 // indirect github.com/prometheus/procfs v0.7.3 // indirect + github.com/rs/cors v1.7.0 // indirect github.com/sacloud/api-client-go v0.2.1 // indirect github.com/sacloud/go-http v0.1.2 // indirect github.com/sacloud/iaas-api-go v1.3.2 // indirect @@ -343,6 +346,7 @@ require ( howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect k8s.io/klog/v2 v2.10.0 // indirect k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect + nhooyr.io/websocket v1.8.7 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect sigs.k8s.io/yaml v1.2.0 // indirect ) @@ -358,9 +362,6 @@ replace ( // https://github.com/docker/compose/blob/e44222664abd07ce1d1fe6796d84d93cbc7468c3/go.mod#L131 replace github.com/jaguilar/vt100 => github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 -// https://github.com/BurntSushi/toml/issues/360 -replace github.com/BurntSushi/toml v1.2.0 => github.com/BurntSushi/toml v1.1.0 - // ambiguous import: found package github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http in multiple modules // tencentcloud uses monorepo with multimodule but the go.mod files are incomplete. exclude github.com/tencentcloud/tencentcloud-sdk-go v3.0.83+incompatible diff --git a/go.sum b/go.sum index 9748b61aa..38e01b047 100644 --- a/go.sum +++ b/go.sum 
@@ -112,8 +112,8 @@ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbt github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I= -github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= +github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 h1:3nVO1nQyh64IUY6BPZUpMYMZ738Pu+LsMt3E0eqqIYw= github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583/go.mod h1:EP9f4GqaDJyP1F5jTNMtzdIpw3JpNs3rMSJOnYywCiw= 
@@ -522,6 +522,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xb github.com/denisenkom/go-mssqldb v0.11.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= +github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I= +github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE= github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI= github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug= github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= 
@@ -681,8 +683,11 @@ github.com/getsentry/raven-go v0.0.0-20180121060056-563b81fc02b7/go.mod h1:KungG github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= github.com/gin-gonic/gin v1.7.0/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= +github.com/gin-gonic/gin v1.7.4 h1:QmUZXrvJ9qZ3GfWvQ+2wnW/1ePrTEJqPKMYEU3lD/DM= github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= @@ -700,6 +705,7 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2 github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea h1:CnEQOUv4ilElSwFB9g/lVmz206oLE4aNZDYngIY1Gvg= github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= 
@@ -735,11 +741,15 @@ github.com/go-pg/pg/v10 v10.0.0/go.mod h1:XHU1AkQW534GFuUdSiQ46+Xw6Ah+9+b8DlT4Yw github.com/go-pg/zerochecker v0.2.0/go.mod h1:NJZ4wKL0NmTtz0GKCoJ8kym6Xn/EQzXRl2OnAe7MmDo= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= +github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU= github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= +github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho= github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= +github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= +github.com/go-playground/validator/v10 v10.11.0 h1:0W+xRM511GY47Yy3bZUbJVitCNg2BOGlCyvTqsp/xIw= github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-redis/redis/v7 v7.1.0/go.mod h1:JDNMw23GTyLNC4GZu9njt15ctBQVn7xjRfnwdHj/Dcg= github.com/go-redis/redis/v8 v8.0.0/go.mod h1:isLoQT/NFSP7V67lyvM9GmdvLdyZ7pEhsXvvyQtnQTo= 
@@ -788,6 +798,12 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= +github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0= +github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= +github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8= +github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= +github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo= +github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= github.com/goccy/go-json v0.7.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gocql/gocql v0.0.0-20220224095938-0eacd3183625/go.mod h1:3gM2c4D3AnkISwBxGnMMsS8Oy4y2lhbPRsH4xnJrHG8= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= 
@@ -962,6 +978,7 @@ github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -973,8 +990,9 @@ github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:Fecb github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.2.0 h1:0IKlLyQ3Hs9nDaiK5cSHAGmcQEIC8l2Ts1u6x5Dfrqg= github.com/grpc-ecosystem/go-grpc-middleware v1.2.0/go.mod h1:mJzapYve32yjrKlk9GbyCZHuPgZsrbyIbyKhSzOpg6s= +github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 h1:FlFbCRLd5Jr4iYXZufAvgWN6Ao0JrI5chLINnUXDDr0= +github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= 
@@ -1128,6 +1146,8 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/improbable-eng/grpc-web v0.15.0 h1:BN+7z6uNXZ1tQGcNAuaU1YjsLTApzkjt2tzCixLaUPQ= +github.com/improbable-eng/grpc-web v0.15.0/go.mod h1:1sy9HKV4Jt9aEs9JSnkWlRJPuPtwNr0l57L4f878wP8= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb-client-go/v2 v2.7.0 h1:QgP5mlBE9sGnzplpnf96pr+p7uqlIlL4W2GAP3n+XZg= @@ -1278,7 +1298,9 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE= github.com/kisom/goutils v1.1.0/go.mod h1:+UBTfd78habUYWFbNWTJNG+jNG/i/lGURakr4A/yNRw= github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= +github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= 
@@ -1328,6 +1350,7 @@ github.com/labstack/echo/v4 v4.6.3/go.mod h1:Hk5OiHj0kDqmFq7aHe7eDqI7CUhuCrfpupQ github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k= github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= +github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y= github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ= @@ -1522,7 +1545,9 @@ github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/grpc-proxy v0.0.0-20181017164139-0f1106ef9c76/go.mod h1:x5OoJHDHqxHS801UIuhqGl6QdSAEJvtausosHSdazIo= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAAxrQxRHEu7FkapwTuI2WmL1rw4g= github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8= 
@@ -1730,6 +1755,7 @@ github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+ github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.35.0 h1:Eyr+Pw2VymWejHqCugNaQXkAi6KayVNxaHeu6khmFBE= @@ -1748,6 +1774,7 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.3.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= 
@@ -1769,6 +1796,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= +github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik= +github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= @@ -1968,8 +1997,8 @@ github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 h1:y/1cL5AL2oRcfz github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305/go.mod h1:gXOLibKqQTRAVuVZ9gX7G9Ykky8ll8yb4slxsEMoY0c= github.com/traefik/paerser v0.1.9 h1:x5hZafOt/yogLvr6upoSOYIAn2nh2GsnLb236MOzd4I= github.com/traefik/paerser v0.1.9/go.mod h1:Dk3Bfz6Zyj13/S8pJyRdx/FNvXlsVRVbtp0UK4ZSiA0= -github.com/traefik/yaegi v0.14.2 h1:9t9xepIfar6BrYdwJHGc+XRKo6qFoJCl6Z46N3hUtUw= -github.com/traefik/yaegi v0.14.2/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0= +github.com/traefik/yaegi v0.14.3 h1:LqA0k8DKwvRMc+msfQjNusphHJc+r6WC5tZU5TmUFOM= +github.com/traefik/yaegi v0.14.3/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0= github.com/transip/gotransip/v6 v6.17.0 h1:2RCyqYqz5+Ej8z96EyE4sf6tQrrfEBaFDO0LliSl6+8= github.com/transip/gotransip/v6 v6.17.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8= 
@@ -1982,9 +2011,11 @@ github.com/uber/jaeger-lib v2.2.0+incompatible h1:MxZXOiR2JuoANZ3J6DE/U0kSFv/eJ/ github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= +github.com/ugorji/go v1.2.6 h1:tGiWC9HENWE2tqYycIqFTNorMmFRVhNwCpDOpWqnk8E= github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= +github.com/ugorji/go/codec v1.2.6 h1:7kbGefxLoDBuYXOms4yD7223OpNMMPNPZxXk5TvFcyQ= github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw= github.com/unrolled/render v1.0.2 h1:dGS3EmChQP3yOi1YeFNO/Dx+MbWZhdvhQJTXochM5bs= github.com/unrolled/render v1.0.2/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM= @@ -2208,6 +2239,7 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= golang.org/x/exp v0.0.0-20200901203048-c4f52b2c50aa/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925 h1:5XVKs2rlCg8EFyRcvO8/XFwYxh1oKJO1Q3X5vttIf9c= golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925/go.mod h1:1phAWC201xIgDyaFpmDeZkgf70Q4Pd/CNqfRtVPtxNw= 
@@ -2280,6 +2312,7 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= @@ -2307,6 +2340,7 @@ golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 
@@ -2420,6 +2454,7 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2470,6 +2505,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -2676,6 +2712,7 @@ google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -2695,6 +2732,7 @@ google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 
@@ -2939,6 +2977,9 @@ launchpad.net/gocheck v0.0.0-20140225173054-000000000087/go.mod h1:hj7XX3B/0A+80 mellium.im/sasl v0.2.1/go.mod h1:ROaEDLQNuf9vjKqE1SrAfnsobm2YKXT1gnN1uDp1PjQ= mvdan.cc/xurls/v2 v2.1.0 h1:KaMb5GLhlcSX+e+qhbRJODnUUBvlw01jt4yrjFIHAuA= mvdan.cc/xurls/v2 v2.1.0/go.mod h1:5GrSd9rOnKOpZaji1OZLYL/yeAAtGDlo/cFe+8K5n8E= +nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= +nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g= +nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= diff --git a/integration/access_log_test.go b/integration/access_log_test.go index 458a491f6..ac00e47a9 100644 --- a/integration/access_log_test.go +++ b/integration/access_log_test.go @@ -435,7 +435,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound(c *check.C) { checkNoOtherTraefikProblems(c) } -func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) { +func (s *AccessLogSuite) TestAccessLogFrontendAllowlist(c *check.C) { ensureWorkingDirectoryIsClean() expected := []accessLogValue{ @@ -443,7 +443,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) { formatOnly: false, code: "403", user: "-", - routerName: "rt-frontendWhitelist", + routerName: "rt-frontendAllowlist", serviceURL: "-", }, } @@ -458,7 +458,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) { checkStatsForLogFile(c) - waitForTraefik(c, "frontendWhitelist") + waitForTraefik(c, "frontendAllowlist") // Verify Traefik started OK checkTraefikStarted(c) 
@@ -466,7 +466,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) { // Test rate limit req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil) c.Assert(err, checker.IsNil) - req.Host = "frontend.whitelist.docker.local" + req.Host = "frontend.allowlist.docker.local" err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusForbidden), try.HasBody()) c.Assert(err, checker.IsNil) diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index 391c23a2c..d7ca0f5da 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -967,6 +967,17 @@ spec: forward) all X-Forwarded-* headers.' type: boolean type: object + grpcWeb: + description: GrpcWeb holds the gRPC web middleware configuration. + This middleware converts a gRPC web request to an HTTP/2 gRPC request. + properties: + allowOrigins: + description: AllowOrigins is a list of allowable origins. Can + also be a wildcard origin "*". + items: + type: string + type: array + type: object headers: description: 'Headers holds the headers middleware configuration. This middleware manages the requests and responses headers. More @@ -1149,7 +1160,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For 
@@ -1174,14 +1185,14 @@ spec: type: boolean type: object type: object - ipWhiteList: - description: 'IPWhiteList holds the IP whitelist middleware configuration. + ipAllowList: + description: 'IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/' properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1345,7 +1356,7 @@ spec: properties: ipStrategy: description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1541,8 +1552,8 @@ spec: format: int64 type: integer type: object - ipWhiteList: - description: IPWhiteList defines the IPWhiteList middleware configuration. + ipAllowList: + description: IPAllowList defines the IPAllowList middleware configuration. properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of diff --git a/integration/fixtures/simple_whitelist.toml b/integration/fixtures/simple_allowlist.toml similarity index 100% rename from integration/fixtures/simple_whitelist.toml rename to integration/fixtures/simple_allowlist.toml 
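Review bot: The `ipWhiteList` property is removed from the Middleware schema in this hunk and replaced by `ipAllowList` with no deprecated alias, and the later hunk at -1541,8 does the same for the TCP middleware. For an access-control field this deserves more care than an ordinary rename, because a structural CRD schema normally prunes properties it does not declare, so an existing resource that still uses `ipWhiteList` could be stored with that block silently removed instead of being rejected. Whether the resulting empty middleware fails open or closed is not visible here, so the migration notes should state that `ipWhiteList` must be renamed before upgrading, or the old key should stay as a deprecated property for one release. The enclosing `properties` block starts and ends outside the hunk.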
diff --git a/integration/fixtures/simple_metrics_with_buffer_middleware.toml b/integration/fixtures/simple_metrics_with_buffer_middleware.toml
new file mode 100644
index 000000000..2781c1981
--- /dev/null
+++ b/integration/fixtures/simple_metrics_with_buffer_middleware.toml
@@ -0,0 +1,66 @@
+[global]
+ checkNewVersion = false
+ sendAnonymousUsage = false
+
+[log]
+ level = "DEBUG"
+
+[entryPoints]
+ [entryPoints.webA]
+ address = ":8001"
+ [entryPoints.webB]
+ address = ":8002"
+ [entryPoints.webC]
+ address = ":8003"
+
+[api]
+ insecure = true
+
+[metrics]
+ [metrics.prometheus]
+ buckets = "0.1,0.3,1.2,5.0"
+
+[providers]
+ [providers.file]
+ filename = "{{ .SelfFilename }}"
+
+## dynamic configuration ##
+
+[http.routers]
+
+ [http.routers.router-without]
+ entrypoints = ["webA"]
+ service = "service-without"
+ rule = "PathPrefix(`/without`)"
+
+ [http.routers.router-req]
+ entrypoints = ["webB"]
+ service = "service-req"
+ rule = "PathPrefix(`/with-req`)"
+ middlewares = ["buffer-req"]
+
+ [http.routers.router-resp]
+ entrypoints = ["webC"]
+ service = "service-resp"
+ rule = "PathPrefix(`/with-resp`)"
+ middlewares = ["buffer-resp"]
+
+[http.middlewares]
+ [http.middlewares.buffer-req.buffering]
+ maxRequestBodyBytes = 10
+
+ [http.middlewares.buffer-resp.buffering]
+ maxResponseBodyBytes = 10
+
+[http.services]
+ [http.services.service-without.loadBalancer]
+ [[http.services.service-without.loadBalancer.servers]]
+ url = "http://{{ .IP }}"
+
+ [http.services.service-req.loadBalancer]
+ [[http.services.service-req.loadBalancer.servers]]
+ url = "http://{{ .IP }}"
+
+ [http.services.service-resp.loadBalancer]
+ [[http.services.service-resp.loadBalancer.servers]]
+ url = "http://{{ .IP }}"
diff --git a/integration/fixtures/tcp/ip-whitelist.toml b/integration/fixtures/tcp/ipallowlist.toml
similarity index 83%
rename from integration/fixtures/tcp/ip-whitelist.toml
rename to integration/fixtures/tcp/ipallowlist.toml
index 2718f0544..2ef8c13f4 100644
--- a/integration/fixtures/tcp/ip-whitelist.toml +++ b/integration/fixtures/tcp/ipallowlist.toml @@ -23,7 +23,7 @@ entryPoints = ["tcp"] rule = "HostSNI(`whoami-a.test`)" service = "whoami-a" - middlewares = ["blocking-ipwhitelist"] + middlewares = ["blocking-ipallowlist"] [tcp.routers.to-whoami-a.tls] passthrough = true @@ -31,7 +31,7 @@ entryPoints = ["tcp"] rule = "HostSNI(`whoami-b.test`)" service = "whoami-b" - middlewares = ["allowing-ipwhitelist"] + middlewares = ["allowing-ipallowlist"] [tcp.routers.to-whoami-b.tls] passthrough = true @@ -45,7 +45,7 @@ address = "{{ .WhoamiB }}" [tcp.middlewares] - [tcp.middlewares.allowing-ipwhitelist.ipWhiteList] + [tcp.middlewares.allowing-ipallowlist.ipAllowList] sourceRange = ["127.0.0.1/32"] - [tcp.middlewares.blocking-ipwhitelist.ipWhiteList] + [tcp.middlewares.blocking-ipallowlist.ipAllowList] sourceRange = ["127.127.127.127/32"] diff --git a/integration/resources/compose/access_log.yml b/integration/resources/compose/access_log.yml index 91b1a0c48..4e0cdbc83 100644 --- a/integration/resources/compose/access_log.yml +++ b/integration/resources/compose/access_log.yml @@ -75,14 +75,14 @@ services: traefik.http.middlewares.rate.ratelimit.burst: 2 traefik.http.services.service3.loadbalancer.server.port: 80 - frontendWhitelist: + frontendAllowlist: image: traefik/whoami labels: traefik.enable: true - traefik.http.routers.rt-frontendWhitelist.entryPoints: web - traefik.http.routers.rt-frontendWhitelist.rule: Host(`frontend.whitelist.docker.local`) - traefik.http.routers.rt-frontendWhitelist.middlewares: wl - traefik.http.middlewares.wl.ipwhitelist.sourcerange: 8.8.8.8/32 + traefik.http.routers.rt-frontendAllowlist.entryPoints: web + traefik.http.routers.rt-frontendAllowlist.rule: Host(`frontend.allowlist.docker.local`) + traefik.http.routers.rt-frontendAllowlist.middlewares: wl + traefik.http.middlewares.wl.ipallowlist.sourcerange: 8.8.8.8/32 traefik.http.services.service3.loadbalancer.server.port: 80 networks: 
diff --git a/integration/resources/compose/allowlist.yml b/integration/resources/compose/allowlist.yml
new file mode 100644
index 000000000..e5f4e0b31
--- /dev/null
+++ b/integration/resources/compose/allowlist.yml
@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+ noOverrideAllowlist:
+ image: traefik/whoami
+ labels:
+ traefik.enable: true
+ traefik.http.routers.rt1.rule: Host(`no.override.allowlist.docker.local`)
+ traefik.http.routers.rt1.middlewares: wl1
+ traefik.http.middlewares.wl1.ipallowList.sourceRange: 8.8.8.8
+
+ overrideIPStrategyRemoteAddrAllowlist:
+ image: traefik/whoami
+ labels:
+ traefik.enable: true
+ traefik.http.routers.rt2.rule: Host(`override.remoteaddr.allowlist.docker.local`)
+ traefik.http.routers.rt2.middlewares: wl2
+ traefik.http.middlewares.wl2.ipallowlist.sourceRange: 8.8.8.8
+ traefik.http.middlewares.wl2.ipallowlist.ipStrategy: true
+
+ overrideIPStrategyDepthAllowlist:
+ image: traefik/whoami
+ labels:
+ traefik.enable: true
+ traefik.http.routers.rt3.rule: Host(`override.depth.allowlist.docker.local`)
+ traefik.http.routers.rt3.middlewares: wl3
+ traefik.http.middlewares.wl3.ipallowlist.sourceRange: 8.8.8.8
+ traefik.http.middlewares.wl3.ipallowlist.ipStrategy.depth: 3
+
+ overrideIPStrategyExcludedIPsAllowlist:
+ image: traefik/whoami
+ labels:
+ traefik.enable: true
+ traefik.http.routers.rt4.rule: Host(`override.excludedips.allowlist.docker.local`)
+ traefik.http.routers.rt4.middlewares: wl4
+ traefik.http.middlewares.wl4.ipallowlist.sourceRange: 8.8.8.8
+ traefik.http.middlewares.wl4.ipallowlist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
+
+networks:
+ default:
+ name: traefik-test-network
+ external: true
diff --git a/integration/resources/compose/whitelist.yml b/integration/resources/compose/whitelist.yml
deleted file mode 100644
index dc120903d..000000000
--- a/integration/resources/compose/whitelist.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-version: "3.8"
-services:
- noOverrideWhitelist:
- image: traefik/whoami
- labels:
- traefik.enable: true
- traefik.http.routers.rt1.rule: Host(`no.override.whitelist.docker.local`)
- traefik.http.routers.rt1.middlewares: wl1
- traefik.http.middlewares.wl1.ipwhiteList.sourceRange: 8.8.8.8
-
- overrideIPStrategyRemoteAddrWhitelist:
- image: traefik/whoami
- labels:
- traefik.enable: true
- traefik.http.routers.rt2.rule: Host(`override.remoteaddr.whitelist.docker.local`)
- traefik.http.routers.rt2.middlewares: wl2
- traefik.http.middlewares.wl2.ipwhitelist.sourceRange: 8.8.8.8
- traefik.http.middlewares.wl2.ipwhitelist.ipStrategy: true
-
- overrideIPStrategyDepthWhitelist:
- image: traefik/whoami
- labels:
- traefik.enable: true
- traefik.http.routers.rt3.rule: Host(`override.depth.whitelist.docker.local`)
- traefik.http.routers.rt3.middlewares: wl3
- traefik.http.middlewares.wl3.ipwhitelist.sourceRange: 8.8.8.8
- traefik.http.middlewares.wl3.ipwhitelist.ipStrategy.depth: 3
-
- overrideIPStrategyExcludedIPsWhitelist:
- image: traefik/whoami
- labels:
- traefik.enable: true
- traefik.http.routers.rt4.rule: Host(`override.excludedips.whitelist.docker.local`)
- traefik.http.routers.rt4.middlewares: wl4
- traefik.http.middlewares.wl4.ipwhitelist.sourceRange: 8.8.8.8
- traefik.http.middlewares.wl4.ipwhitelist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
-
-networks:
- default:
- name: traefik-test-network
- external: true
diff --git a/integration/simple_test.go b/integration/simple_test.go
index c939d8f0a..fac915a27 100644
--- a/integration/simple_test.go
+++ b/integration/simple_test.go
@@ -308,7 +308,7 @@ func (s *SimpleSuite) TestMetricsPrometheusDefaultEntryPoint(c *check.C) { c.Assert(err, checker.IsNil) defer s.killCmd(cmd) - err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix")) + err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix(`/whoami`)")) c.Assert(err, checker.IsNil) err = try.GetRequest("http://127.0.0.1:8000/whoami", 1*time.Second, try.StatusCodeIs(http.StatusOK)) 
@@ -369,6 +369,84 @@ func (s *SimpleSuite) TestMetricsPrometheusTwoRoutersOneService(c *check.C) { } } +// TestMetricsWithBufferingMiddleware checks that the buffering middleware +// (which introduces its own response writer in the chain), does not interfere with +// the capture middleware on which the metrics mechanism relies. +func (s *SimpleSuite) TestMetricsWithBufferingMiddleware(c *check.C) { + s.createComposeProject(c, "base") + + s.composeUp(c) + defer s.composeDown(c) + + server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte("MORE THAN TEN BYTES IN RESPONSE")) + })) + + server.Start() + defer server.Close() + + file := s.adaptFile(c, "fixtures/simple_metrics_with_buffer_middleware.toml", struct{ IP string }{IP: strings.TrimPrefix(server.URL, "http://")}) + defer os.Remove(file) + + cmd, output := s.traefikCmd(withConfigFile(file)) + defer output(c) + + err := cmd.Start() + c.Assert(err, checker.IsNil) + defer s.killCmd(cmd) + + err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix(`/without`)")) + c.Assert(err, checker.IsNil) + + err = try.GetRequest("http://127.0.0.1:8001/without", 1*time.Second, try.StatusCodeIs(http.StatusOK)) + c.Assert(err, checker.IsNil) + + req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8002/with-req", strings.NewReader("MORE THAN TEN BYTES IN REQUEST")) + c.Assert(err, checker.IsNil) + + // The request should fail because the body is too large. + err = try.Request(req, 1*time.Second, try.StatusCodeIs(http.StatusRequestEntityTooLarge)) + c.Assert(err, checker.IsNil) + + // The request should fail because the response exceeds the configured limit. 
+ err = try.GetRequest("http://127.0.0.1:8003/with-resp", 1*time.Second, try.StatusCodeIs(http.StatusInternalServerError))
+ c.Assert(err, checker.IsNil)
+
+ request, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/metrics", nil)
+ c.Assert(err, checker.IsNil)
+
+ response, err := http.DefaultClient.Do(request)
+ c.Assert(err, checker.IsNil)
+ c.Assert(response.StatusCode, checker.Equals, http.StatusOK)
+
+ body, err := io.ReadAll(response.Body)
+ c.Assert(err, checker.IsNil)
+
+ // For allowed requests and responses, the entrypoint and service metrics have the same status code.
+ c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_total{code=\"200\",entrypoint=\"webA\",method=\"GET\",protocol=\"http\"} 1")
+ c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_bytes_total{code=\"200\",entrypoint=\"webA\",method=\"GET\",protocol=\"http\"} 0")
+ c.Assert(string(body), checker.Contains, "traefik_entrypoint_responses_bytes_total{code=\"200\",entrypoint=\"webA\",method=\"GET\",protocol=\"http\"} 31")
+
+ c.Assert(string(body), checker.Contains, "traefik_service_requests_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-without@file\"} 1")
+ c.Assert(string(body), checker.Contains, "traefik_service_requests_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-without@file\"} 0")
+ c.Assert(string(body), checker.Contains, "traefik_service_responses_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-without@file\"} 31")
+
+ // For forbidden requests, the entrypoints have metrics, the services don't.
+ c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_total{code=\"413\",entrypoint=\"webB\",method=\"GET\",protocol=\"http\"} 1") + c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_bytes_total{code=\"413\",entrypoint=\"webB\",method=\"GET\",protocol=\"http\"} 0") + c.Assert(string(body), checker.Contains, "traefik_entrypoint_responses_bytes_total{code=\"413\",entrypoint=\"webB\",method=\"GET\",protocol=\"http\"} 24") + + // For disallowed responses, the entrypoint and service metrics don't have the same status code. + c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_bytes_total{code=\"500\",entrypoint=\"webC\",method=\"GET\",protocol=\"http\"} 0") + c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_total{code=\"500\",entrypoint=\"webC\",method=\"GET\",protocol=\"http\"} 1") + c.Assert(string(body), checker.Contains, "traefik_entrypoint_responses_bytes_total{code=\"500\",entrypoint=\"webC\",method=\"GET\",protocol=\"http\"} 21") + + c.Assert(string(body), checker.Contains, "traefik_service_requests_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-resp@file\"} 0") + c.Assert(string(body), checker.Contains, "traefik_service_requests_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-resp@file\"} 1") + c.Assert(string(body), checker.Contains, "traefik_service_responses_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-resp@file\"} 31") +} + func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) { s.createComposeProject(c, "base") 
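Review bot: The metrics response body is never closed in TestMetricsWithBufferingMiddleware; after `response, err := http.DefaultClient.Do(request)` and its error assertion, add `defer response.Body.Close()` before the `io.ReadAll(response.Body)` call. `http.DefaultClient` also carries no timeout, so a hung `/metrics` endpoint would stall the suite instead of failing it, whereas the `try.GetRequest` calls earlier in the same function pass an explicit `1*time.Second`. The comment `// For forbidden requests` sits above assertions on status 413, so `// For rejected (too large) requests` would describe them more accurately.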
@@ -397,13 +475,13 @@ func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) { c.Assert(err, checker.IsNil) } -func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) { - s.createComposeProject(c, "whitelist") +func (s *SimpleSuite) TestIPStrategyAllowlist(c *check.C) { + s.createComposeProject(c, "allowlist") s.composeUp(c) defer s.composeDown(c) - cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml")) + cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml")) defer output(c) err := cmd.Start() @@ -413,7 +491,7 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) { err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override")) c.Assert(err, checker.IsNil) - err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.whitelist.docker.local")) + err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.allowlist.docker.local")) c.Assert(err, checker.IsNil) testCases := []struct { 
@@ -425,31 +503,31 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) { { desc: "override remote addr reject", xForwardedFor: "8.8.8.8,8.8.8.8", - host: "override.remoteaddr.whitelist.docker.local", + host: "override.remoteaddr.allowlist.docker.local", expectedStatusCode: 403, }, { desc: "override depth accept", xForwardedFor: "8.8.8.8,10.0.0.1,127.0.0.1", - host: "override.depth.whitelist.docker.local", + host: "override.depth.allowlist.docker.local", expectedStatusCode: 200, }, { desc: "override depth reject", xForwardedFor: "10.0.0.1,8.8.8.8,127.0.0.1", - host: "override.depth.whitelist.docker.local", + host: "override.depth.allowlist.docker.local", expectedStatusCode: 403, }, { desc: "override excludedIPs reject", xForwardedFor: "10.0.0.3,10.0.0.1,10.0.0.2", - host: "override.excludedips.whitelist.docker.local", + host: "override.excludedips.allowlist.docker.local", expectedStatusCode: 403, }, { desc: "override excludedIPs accept", xForwardedFor: "8.8.8.8,10.0.0.1,10.0.0.2", - host: "override.excludedips.whitelist.docker.local", + host: "override.excludedips.allowlist.docker.local", expectedStatusCode: 200, }, } @@ -468,12 +546,12 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) { } func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) { - s.createComposeProject(c, "whitelist") + s.createComposeProject(c, "allowlist") s.composeUp(c) defer s.composeDown(c) - cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml")) + cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml")) defer output(c) err := cmd.Start() 
@@ -481,13 +559,13 @@ func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) { defer s.killCmd(cmd) err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, - try.BodyContains("override.remoteaddr.whitelist.docker.local")) + try.BodyContains("override.remoteaddr.allowlist.docker.local")) c.Assert(err, checker.IsNil) req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil) c.Assert(err, checker.IsNil) - req.Host = "override.depth.whitelist.docker.local" + req.Host = "override.depth.allowlist.docker.local" req.Header.Set("X-Forwarded-For", "8.8.8.8,10.0.0.1,127.0.0.1") err = try.Request(req, 1*time.Second, diff --git a/integration/tcp_test.go b/integration/tcp_test.go index 52a3813c9..c4da20a27 100644 --- a/integration/tcp_test.go +++ b/integration/tcp_test.go @@ -241,8 +241,8 @@ func (s *TCPSuite) TestCatchAllNoTLSWithHTTPS(c *check.C) { c.Assert(err, checker.IsNil) } -func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) { - file := s.adaptFile(c, "fixtures/tcp/ip-whitelist.toml", struct { +func (s *TCPSuite) TestMiddlewareAllowList(c *check.C) { + file := s.adaptFile(c, "fixtures/tcp/ipallowlist.toml", struct { WhoamiA string WhoamiB string }{ @@ -261,7 +261,7 @@ func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) { err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains("HostSNI(`whoami-a.test`)")) c.Assert(err, checker.IsNil) - // Traefik not passes through, ipWhitelist closes connection + // Traefik not passes through, ipAllowList closes connection _, err = guessWhoTLSPassthrough("127.0.0.1:8093", "whoami-a.test") c.Assert(err, checker.ErrorMatches, "EOF") diff --git a/pkg/api/handler_overview_test.go b/pkg/api/handler_overview_test.go index 8937c0204..b7f96c6b9 100644 --- a/pkg/api/handler_overview_test.go +++ b/pkg/api/handler_overview_test.go 
@@ -173,24 +173,24 @@ func TestHandler_Overview(t *testing.T) { }, }, TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist1@myprovider": { + "ipallowlist1@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, Status: runtime.StatusEnabled, }, - "ipwhitelist2@myprovider": { + "ipallowlist2@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, }, - "ipwhitelist3@myprovider": { + "ipallowlist3@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, diff --git a/pkg/api/handler_tcp_test.go b/pkg/api/handler_tcp_test.go index 3e14921fb..18ac7708c 100644 --- a/pkg/api/handler_tcp_test.go +++ b/pkg/api/handler_tcp_test.go @@ -512,25 +512,25 @@ func TestHandler_TCP(t *testing.T) { path: "/api/tcp/middlewares", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist1@myprovider": { + "ipallowlist1@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"bar@myprovider", "test@myprovider"}, }, - "ipwhitelist2@myprovider": { + "ipallowlist2@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.2/32"}, }, }, UsedBy: []string{"test@myprovider"}, }, - "ipwhitelist1@anotherprovider": { + "ipallowlist1@anotherprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, 
@@ -549,27 +549,27 @@ func TestHandler_TCP(t *testing.T) { path: "/api/tcp/middlewares?status=enabled", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist@myprovider": { + "ipallowlist@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"bar@myprovider", "test@myprovider"}, Status: runtime.StatusEnabled, }, - "ipwhitelist2@myprovider": { + "ipallowlist2@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.2/32"}, }, }, UsedBy: []string{"test@myprovider"}, Status: runtime.StatusDisabled, }, - "ipwhitelist@anotherprovider": { + "ipallowlist@anotherprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, 
@@ -586,30 +586,30 @@ func TestHandler_TCP(t *testing.T) { }, { desc: "middlewares filtered by search", - path: "/api/tcp/middlewares?search=ipwhitelist", + path: "/api/tcp/middlewares?search=ipallowlist", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ "bad@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"bar@myprovider", "test@myprovider"}, Status: runtime.StatusEnabled, }, - "ipwhitelist@myprovider": { + "ipallowlist@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"test@myprovider"}, Status: runtime.StatusDisabled, }, - "ipwhitelist@anotherprovider": { + "ipallowlist@anotherprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, 
@@ -629,25 +629,25 @@ func TestHandler_TCP(t *testing.T) { path: "/api/tcp/middlewares?page=2&per_page=1", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist@myprovider": { + "ipallowlist@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"bar@myprovider", "test@myprovider"}, }, - "ipwhitelist2@myprovider": { + "ipallowlist2@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.2/32"}, }, }, UsedBy: []string{"test@myprovider"}, }, - "ipwhitelist@anotherprovider": { + "ipallowlist@anotherprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, 
@@ -663,28 +663,28 @@ func TestHandler_TCP(t *testing.T) { }, { desc: "one middleware by id", - path: "/api/tcp/middlewares/ipwhitelist@myprovider", + path: "/api/tcp/middlewares/ipallowlist@myprovider", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist@myprovider": { + "ipallowlist@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, UsedBy: []string{"bar@myprovider", "test@myprovider"}, }, - "ipwhitelist2@myprovider": { + "ipallowlist2@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.2/32"}, }, }, UsedBy: []string{"test@myprovider"}, }, - "ipwhitelist@anotherprovider": { + "ipallowlist@anotherprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, @@ -694,7 +694,7 @@ func TestHandler_TCP(t *testing.T) { }, expected: expected{ statusCode: http.StatusOK, - jsonFile: "testdata/tcpmiddleware-ipwhitelist.json", + jsonFile: "testdata/tcpmiddleware-ipallowlist.json", }, }, { @@ -702,9 +702,9 @@ func TestHandler_TCP(t *testing.T) { path: "/api/tcp/middlewares/foo@myprovider", conf: runtime.Configuration{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ - "ipwhitelist@myprovider": { + "ipallowlist@myprovider": { TCPMiddleware: &dynamic.TCPMiddleware{ - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, diff --git a/pkg/api/testdata/tcpmiddleware-ipwhitelist.json b/pkg/api/testdata/tcpmiddleware-ipallowlist.json similarity index 64% rename from pkg/api/testdata/tcpmiddleware-ipwhitelist.json rename to pkg/api/testdata/tcpmiddleware-ipallowlist.json index 95f2540de..e3cf5ff72 100644 
--- a/pkg/api/testdata/tcpmiddleware-ipwhitelist.json +++ b/pkg/api/testdata/tcpmiddleware-ipallowlist.json @@ -1,13 +1,13 @@ { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@myprovider", + "name": "ipallowlist@myprovider", "provider": "myprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider", "test@myprovider" ] -} \ No newline at end of file +} diff --git a/pkg/api/testdata/tcpmiddlewares-filtered-search.json b/pkg/api/testdata/tcpmiddlewares-filtered-search.json index 5dc58379e..cd8ce0265 100644 --- a/pkg/api/testdata/tcpmiddlewares-filtered-search.json +++ b/pkg/api/testdata/tcpmiddlewares-filtered-search.json @@ -1,26 +1,26 @@ [ { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@anotherprovider", + "name": "ipallowlist@anotherprovider", "provider": "anotherprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider" ] }, { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@myprovider", + "name": "ipallowlist@myprovider", "provider": "myprovider", "status": "disabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "test@myprovider" ] } -] \ No newline at end of file +] diff --git a/pkg/api/testdata/tcpmiddlewares-filtered-status.json b/pkg/api/testdata/tcpmiddlewares-filtered-status.json index 906679181..f9a0cf9ae 100644 --- a/pkg/api/testdata/tcpmiddlewares-filtered-status.json +++ b/pkg/api/testdata/tcpmiddlewares-filtered-status.json 
@@ -1,27 +1,27 @@ [ { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@anotherprovider", + "name": "ipallowlist@anotherprovider", "provider": "anotherprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider" ] }, { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@myprovider", + "name": "ipallowlist@myprovider", "provider": "myprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider", "test@myprovider" ] } -] \ No newline at end of file +] diff --git a/pkg/api/testdata/tcpmiddlewares-page2.json b/pkg/api/testdata/tcpmiddlewares-page2.json index 76c516876..4195437e3 100644 --- a/pkg/api/testdata/tcpmiddlewares-page2.json +++ b/pkg/api/testdata/tcpmiddlewares-page2.json @@ -1,14 +1,14 @@ [ { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist@anotherprovider", + "name": "ipallowlist@anotherprovider", "provider": "anotherprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider" ] } -] \ No newline at end of file +] diff --git a/pkg/api/testdata/tcpmiddlewares.json b/pkg/api/testdata/tcpmiddlewares.json index b1c0cdab1..381ffe658 100644 --- a/pkg/api/testdata/tcpmiddlewares.json +++ b/pkg/api/testdata/tcpmiddlewares.json 
@@ -1,39 +1,39 @@ [ { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist1@anotherprovider", + "name": "ipallowlist1@anotherprovider", "provider": "anotherprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider" ] }, { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.1/32"] }, - "name": "ipwhitelist1@myprovider", + "name": "ipallowlist1@myprovider", "provider": "myprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "bar@myprovider", "test@myprovider" ] }, { - "ipWhiteList": { + "ipAllowList": { "sourceRange": ["127.0.0.2/32"] }, - "name": "ipwhitelist2@myprovider", + "name": "ipallowlist2@myprovider", "provider": "myprovider", "status": "enabled", - "type": "ipwhitelist", + "type": "ipallowlist", "usedBy": [ "test@myprovider" ] } -] \ No newline at end of file +] diff --git a/pkg/config/dynamic/fixtures/sample.toml b/pkg/config/dynamic/fixtures/sample.toml index 11e586ea0..4e52c4d03 100644 --- a/pkg/config/dynamic/fixtures/sample.toml +++ b/pkg/config/dynamic/fixtures/sample.toml @@ -358,11 +358,11 @@ [http.middlewares.Middleware5.chain] middlewares = ["foobar", "foobar"] [http.middlewares.Middleware6] - [http.middlewares.Middleware6.ipWhiteList] + [http.middlewares.Middleware6.ipAllowList] sourceRange = ["foobar", "foobar"] [http.middlewares.Middleware7] - [http.middlewares.Middleware7.ipWhiteList] - [http.middlewares.Middleware7.ipWhiteList.ipStrategy] + [http.middlewares.Middleware7.ipAllowList] + [http.middlewares.Middleware7.ipAllowList.ipStrategy] depth = 42 excludedIPs = ["foobar", "foobar"] [http.middlewares.Middleware8] diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go index 0d849c273..ea482a9eb 100644 --- a/pkg/config/dynamic/middlewares.go +++ b/pkg/config/dynamic/middlewares.go 
@@ -18,7 +18,7 @@ type Middleware struct { ReplacePath *ReplacePath `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"` ReplacePathRegex *ReplacePathRegex `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"` Chain *Chain `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"` - IPWhiteList *IPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"` + IPAllowList *IPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"` Headers *Headers `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"` Errors *ErrorPage `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"` RateLimit *RateLimit `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"` 
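Review bot: Renaming the `ipWhiteList` key to `ipAllowList` on `Middleware` leaves no visible alias for the old name, and the same applies to `TCPMiddleware` in tcp_middlewares.go and to the label keys exercised in label_test.go. What happens to an existing configuration that still says `ipWhiteList` depends on decoder behaviour this diff does not show. If unknown keys are ignored, the middleware would load with no source-range restriction, which fails open for an access-control setting. I would either keep the old `IPWhiteList *IPWhiteList` field for one release under a `// Deprecated: use IPAllowList instead.` comment, or confirm that the old key is rejected with an explicit error and listed in the migration notes. The struct starts and ends outside this hunk.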
@@ -34,12 +34,23 @@ type Middleware struct { PassTLSClientCert *PassTLSClientCert `json:"passTLSClientCert,omitempty" toml:"passTLSClientCert,omitempty" yaml:"passTLSClientCert,omitempty" export:"true"` Retry *Retry `json:"retry,omitempty" toml:"retry,omitempty" yaml:"retry,omitempty" export:"true"` ContentType *ContentType `json:"contentType,omitempty" toml:"contentType,omitempty" yaml:"contentType,omitempty" export:"true"` + GrpcWeb *GrpcWeb `json:"grpcWeb,omitempty" toml:"grpcWeb,omitempty" yaml:"grpcWeb,omitempty" export:"true"` Plugin map[string]PluginConf `json:"plugin,omitempty" toml:"plugin,omitempty" yaml:"plugin,omitempty" export:"true"` } // +k8s:deepcopy-gen=true +// GrpcWeb holds the gRPC web middleware configuration. +// This middleware converts a gRPC web request to an HTTP/2 gRPC request. +type GrpcWeb struct { + // AllowOrigins is a list of allowable origins. + // Can also be a wildcard origin "*". + AllowOrigins []string `json:"allowOrigins,omitempty" toml:"allowOrigins,omitempty" yaml:"allowOrigins,omitempty"` +} + +// +k8s:deepcopy-gen=true + // ContentType holds the content-type middleware configuration. // This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. type ContentType struct { @@ -346,7 +357,7 @@ func (h *Headers) HasSecureHeadersDefined() bool { // +k8s:deepcopy-gen=true // IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. -// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy +// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy type IPStrategy struct { // Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"` 
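Review bot: The `AllowOrigins` comment on the new `GrpcWeb` struct says a wildcard `"*"` is accepted but not what an empty or omitted list means, and the `omitempty` tags make omission the common case. For a cross-origin control the default should be readable from the field comment, so that an operator can tell whether leaving it unset denies or permits browser origins. I would change the second comment line to `// "*" allows requests from any origin.` and add one sentence stating the behaviour for an empty list, which this hunk does not show. Unlike the surrounding `Middleware` fields, `AllowOrigins` carries no `export:"true"` tag; if that is deliberate, a short comment saying so would help.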
@@ -385,10 +396,10 @@ func (s *IPStrategy) Get() (ip.Strategy, error) { // +k8s:deepcopy-gen=true -// IPWhiteList holds the IP whitelist middleware configuration. +// IPAllowList holds the IP allowlist middleware configuration. // This middleware accepts / refuses requests based on the client IP. -// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/ -type IPWhiteList struct { +// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/ +type IPAllowList struct { // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"` diff --git a/pkg/config/dynamic/tcp_middlewares.go b/pkg/config/dynamic/tcp_middlewares.go index 620db44b4..a9e191287 100644 --- a/pkg/config/dynamic/tcp_middlewares.go +++ b/pkg/config/dynamic/tcp_middlewares.go @@ -5,7 +5,7 @@ package dynamic // TCPMiddleware holds the TCPMiddleware configuration. type TCPMiddleware struct { InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"` - IPWhiteList *TCPIPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"` + IPAllowList *TCPIPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"` } // +k8s:deepcopy-gen=true 
@@ -22,9 +22,9 @@ type TCPInFlightConn struct { // +k8s:deepcopy-gen=true -// TCPIPWhiteList holds the TCP IPWhiteList middleware configuration. +// TCPIPAllowList holds the TCP IPAllowList middleware configuration. // This middleware accepts/refuses connections based on the client IP. -type TCPIPWhiteList struct { +type TCPIPAllowList struct { // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation). SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` } diff --git a/pkg/config/dynamic/zz_generated.deepcopy.go b/pkg/config/dynamic/zz_generated.deepcopy.go index a41da2198..a12fc760f 100644 --- a/pkg/config/dynamic/zz_generated.deepcopy.go +++ b/pkg/config/dynamic/zz_generated.deepcopy.go @@ -353,6 +353,27 @@ func (in *ForwardingTimeouts) DeepCopy() *ForwardingTimeouts { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GrpcWeb) DeepCopyInto(out *GrpcWeb) { + *out = *in + if in.AllowOrigins != nil { + in, out := &in.AllowOrigins, &out.AllowOrigins + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrpcWeb. +func (in *GrpcWeb) DeepCopy() *GrpcWeb { + if in == nil { + return nil + } + out := new(GrpcWeb) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HTTPConfiguration) DeepCopyInto(out *HTTPConfiguration) { *out = *in 
@@ -532,6 +553,32 @@ func (in *HealthCheck) DeepCopy() *HealthCheck { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAllowList) DeepCopyInto(out *IPAllowList) { + *out = *in + if in.SourceRange != nil { + in, out := &in.SourceRange, &out.SourceRange + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IPStrategy != nil { + in, out := &in.IPStrategy, &out.IPStrategy + *out = new(IPStrategy) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAllowList. +func (in *IPAllowList) DeepCopy() *IPAllowList { + if in == nil { + return nil + } + out := new(IPAllowList) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPStrategy) DeepCopyInto(out *IPStrategy) { *out = *in @@ -553,32 +600,6 @@ func (in *IPStrategy) DeepCopy() *IPStrategy { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IPWhiteList) DeepCopyInto(out *IPWhiteList) { - *out = *in - if in.SourceRange != nil { - in, out := &in.SourceRange, &out.SourceRange - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.IPStrategy != nil { - in, out := &in.IPStrategy, &out.IPStrategy - *out = new(IPStrategy) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPWhiteList. -func (in *IPWhiteList) DeepCopy() *IPWhiteList { - if in == nil { - return nil - } - out := new(IPWhiteList) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InFlightReq) DeepCopyInto(out *InFlightReq) { *out = *in 
@@ -654,9 +675,9 @@ func (in *Middleware) DeepCopyInto(out *Middleware) { *out = new(Chain) (*in).DeepCopyInto(*out) } - if in.IPWhiteList != nil { - in, out := &in.IPWhiteList, &out.IPWhiteList - *out = new(IPWhiteList) + if in.IPAllowList != nil { + in, out := &in.IPAllowList, &out.IPAllowList + *out = new(IPAllowList) (*in).DeepCopyInto(*out) } if in.Headers != nil { @@ -734,6 +755,11 @@ func (in *Middleware) DeepCopyInto(out *Middleware) { *out = new(ContentType) **out = **in } + if in.GrpcWeb != nil { + in, out := &in.GrpcWeb, &out.GrpcWeb + *out = new(GrpcWeb) + (*in).DeepCopyInto(*out) + } if in.Plugin != nil { in, out := &in.Plugin, &out.Plugin *out = make(map[string]PluginConf, len(*in)) @@ -1384,7 +1410,7 @@ func (in *TCPConfiguration) DeepCopy() *TCPConfiguration { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) { +func (in *TCPIPAllowList) DeepCopyInto(out *TCPIPAllowList) { *out = *in if in.SourceRange != nil { in, out := &in.SourceRange, &out.SourceRange @@ -1394,12 +1420,12 @@ func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPWhiteList. -func (in *TCPIPWhiteList) DeepCopy() *TCPIPWhiteList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPAllowList. +func (in *TCPIPAllowList) DeepCopy() *TCPIPAllowList { if in == nil { return nil } - out := new(TCPIPWhiteList) + out := new(TCPIPAllowList) in.DeepCopyInto(out) return out } 
@@ -1428,9 +1454,9 @@ func (in *TCPMiddleware) DeepCopyInto(out *TCPMiddleware) { *out = new(TCPInFlightConn) **out = **in } - if in.IPWhiteList != nil { - in, out := &in.IPWhiteList, &out.IPWhiteList - *out = new(TCPIPWhiteList) + if in.IPAllowList != nil { + in, out := &in.IPAllowList, &out.IPAllowList + *out = new(TCPIPAllowList) (*in).DeepCopyInto(*out) } return diff --git a/pkg/config/label/label_test.go b/pkg/config/label/label_test.go index d9b40ffb8..e3bb4e609 100644 --- a/pkg/config/label/label_test.go +++ b/pkg/config/label/label_test.go @@ -82,9 +82,9 @@ func TestDecodeConfiguration(t *testing.T) { "traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true", "traefik.http.middlewares.Middleware8.headers.stspreload": "true", "traefik.http.middlewares.Middleware8.headers.stsseconds": "42", - "traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.depth": "42", - "traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.excludedips": "foobar, fiibar", - "traefik.http.middlewares.Middleware9.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.depth": "42", + "traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.excludedips": "foobar, fiibar", + "traefik.http.middlewares.Middleware9.ipallowlist.sourcerange": "foobar, fiibar", "traefik.http.middlewares.Middleware10.inflightreq.amount": "42", "traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.depth": "42", "traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar", 
@@ -180,7 +180,7 @@ func TestDecodeConfiguration(t *testing.T) { "traefik.http.services.Service1.loadbalancer.sticky": "false", "traefik.http.services.Service1.loadbalancer.sticky.cookie.name": "fui", - "traefik.tcp.middlewares.Middleware0.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.tcp.middlewares.Middleware0.ipallowlist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware2.inflightconn.amount": "42", "traefik.tcp.routers.Router0.rule": "foobar", "traefik.tcp.routers.Router0.priority": "42", @@ -244,7 +244,7 @@ func TestDecodeConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware0": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, @@ -611,7 +611,7 @@ func TestDecodeConfiguration(t *testing.T) { }, }, "Middleware9": { - IPWhiteList: &dynamic.IPWhiteList{ + IPAllowList: &dynamic.IPAllowList{ SourceRange: []string{ "foobar", "fiibar", @@ -741,7 +741,7 @@ func TestEncodeConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware0": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, @@ -1113,7 +1113,7 @@ func TestEncodeConfiguration(t *testing.T) { }, }, "Middleware9": { - IPWhiteList: &dynamic.IPWhiteList{ + IPAllowList: &dynamic.IPAllowList{ SourceRange: []string{ "foobar", "fiibar", 
@@ -1265,9 +1265,9 @@ func TestEncodeConfiguration(t *testing.T) { "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42", - "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth": "42", - "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs": "foobar, fiibar", - "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange": "foobar, fiibar", + "traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.Depth": "42", + "traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.ExcludedIPs": "foobar, fiibar", + "traefik.HTTP.Middlewares.Middleware9.IPAllowList.SourceRange": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.Amount": "42", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.Depth": "42", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, fiibar", @@ -1360,7 +1360,7 @@ func TestEncodeConfiguration(t *testing.T) { "traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme": "foobar", "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0": "foobar", - "traefik.TCP.Middlewares.Middleware0.IPWhiteList.SourceRange": "foobar, fiibar", + "traefik.TCP.Middlewares.Middleware0.IPAllowList.SourceRange": "foobar, fiibar", "traefik.TCP.Middlewares.Middleware2.InFlightConn.Amount": "42", "traefik.TCP.Routers.Router0.Rule": "foobar", "traefik.TCP.Routers.Router0.Priority": "42", diff --git a/pkg/ip/checker_test.go b/pkg/ip/checker_test.go index da2f07861..69ab9c1da 100644 --- a/pkg/ip/checker_test.go +++ b/pkg/ip/checker_test.go 
@@ -11,25 +11,25 @@ import ( func TestIsAuthorized(t *testing.T) { testCases := []struct { desc string - whiteList []string + allowList []string remoteAddr string authorized bool }{ { desc: "remoteAddr not in range", - whiteList: []string{"1.2.3.4/24"}, + allowList: []string{"1.2.3.4/24"}, remoteAddr: "10.2.3.1:123", authorized: false, }, { desc: "remoteAddr in range", - whiteList: []string{"1.2.3.4/24"}, + allowList: []string{"1.2.3.4/24"}, remoteAddr: "1.2.3.1:123", authorized: true, }, { desc: "octal ip in remoteAddr", - whiteList: []string{"127.2.3.4/24"}, + allowList: []string{"127.2.3.4/24"}, remoteAddr: "0127.2.3.1:123", authorized: false, }, @@ -40,7 +40,7 @@ func TestIsAuthorized(t *testing.T) { t.Run(test.desc, func(t *testing.T) { t.Parallel() - ipChecker, err := NewChecker(test.whiteList) + ipChecker, err := NewChecker(test.allowList) require.NoError(t, err) err = ipChecker.IsAuthorized(test.remoteAddr) diff --git a/pkg/middlewares/accesslog/logger.go b/pkg/middlewares/accesslog/logger.go index 841728582..cf729c6de 100644 --- a/pkg/middlewares/accesslog/logger.go +++ b/pkg/middlewares/accesslog/logger.go @@ -227,6 +227,15 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http core[ClientHost] = forwardedFor } + ctx := req.Context() + capt, err := capture.FromContext(ctx) + if err != nil { + log.FromContext(log.With(ctx, log.Str(log.MiddlewareType, "AccessLogs"))). + WithError(err). + Errorf("Could not get Capture") + return + } + next.ServeHTTP(rw, reqWithDataTable) if _, ok := core[ClientUsername]; !ok { 
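Review bot: In the logger.go hunk the `return` on a failed `capture.FromContext` now sits before `next.ServeHTTP(rw, reqWithDataTable)`, so a request without a capture in its context is no longer forwarded at all. As far as the hunk shows, nothing is written to `rw` on that path, which net/http normally turns into an empty 200, and no access-log entry is produced for the request. If failing closed is intended, answer explicitly before returning, e.g. `http.Error(rw, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`. Otherwise call `next.ServeHTTP(rw, reqWithDataTable)` before the `return`, so that traffic is still served when only the logging prerequisite is missing. `ServeHTTP` starts and ends outside this hunk.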
@@ -237,13 +246,6 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http headers: rw.Header().Clone(), } - ctx := req.Context() - capt, err := capture.FromContext(ctx) - if err != nil { - log.FromContext(log.With(ctx, log.Str(log.MiddlewareType, "AccessLogs"))).Errorf("Could not get Capture: %v", err) - return - } - logDataTable.DownstreamResponse.status = capt.StatusCode() logDataTable.DownstreamResponse.size = capt.ResponseSize() logDataTable.Request.size = capt.RequestSize() diff --git a/pkg/middlewares/accesslog/logger_test.go b/pkg/middlewares/accesslog/logger_test.go index b7b3b565e..80bda1530 100644 --- a/pkg/middlewares/accesslog/logger_test.go +++ b/pkg/middlewares/accesslog/logger_test.go @@ -57,7 +57,7 @@ func TestLogRotation(t *testing.T) { }) chain := alice.New() - chain = chain.Append(capture.WrapHandler(&capture.Handler{})) + chain = chain.Append(capture.Wrap) chain = chain.Append(WrapHandler(logHandler)) handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { rw.WriteHeader(http.StatusOK) @@ -210,7 +210,7 @@ func TestLoggerHeaderFields(t *testing.T) { } chain := alice.New() - chain = chain.Append(capture.WrapHandler(&capture.Handler{})) + chain = chain.Append(capture.Wrap) chain = chain.Append(WrapHandler(logger)) handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { rw.WriteHeader(http.StatusOK) @@ -784,7 +784,7 @@ func doLoggingTLSOpt(t *testing.T, config *types.AccessLog, enableTLS bool) { } chain := alice.New() - chain = chain.Append(capture.WrapHandler(&capture.Handler{})) + chain = chain.Append(capture.Wrap) chain = chain.Append(WrapHandler(logger)) handler, err := chain.Then(http.HandlerFunc(logWriterTestHandlerFunc)) require.NoError(t, err) diff --git a/pkg/middlewares/capture/capture.go b/pkg/middlewares/capture/capture.go index 6ee0ed399..845c2e983 100644 --- a/pkg/middlewares/capture/capture.go 
+++ b/pkg/middlewares/capture/capture.go @@ -3,9 +3,8 @@ // For another middleware to get those attributes of a request/response, this middleware // should be added before in the middleware chain. // -// handler, _ := NewHandler() // chain := alice.New(). -// Append(WrapHandler(handler)). +// Append(capture.Wrap). // Append(myOtherMiddleware). // then(...) // @@ -33,7 +32,6 @@ import ( "net" "net/http" - "github.com/containous/alice" "github.com/traefik/traefik/v2/pkg/middlewares" ) 
@@ -41,62 +39,67 @@ type key string const capturedData key = "capturedData" -// Handler will store each request data to its context. -type Handler struct{} - -// WrapHandler wraps capture handler into an Alice Constructor. -func WrapHandler(handler *Handler) alice.Constructor { - return func(next http.Handler) (http.Handler, error) { - return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { - handler.ServeHTTP(rw, req, next) - }), nil - } +// Wrap returns a new handler that inserts a Capture into the given handler. +// It satisfies the alice.Constructor type. +func Wrap(handler http.Handler) (http.Handler, error) { + c := Capture{} + return c.Reset(handler), nil } -func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http.Handler) { - c := Capture{} - if req.Body != nil { - readCounter := &readCounter{source: req.Body} - c.rr = readCounter - req.Body = readCounter +// FromContext returns the Capture value found in ctx, or an empty Capture otherwise. +func FromContext(ctx context.Context) (Capture, error) { + c := ctx.Value(capturedData) + if c == nil { + return Capture{}, errors.New("value not found in context") } - responseWriter := newResponseWriter(rw) - c.rw = responseWriter - ctx := context.WithValue(req.Context(), capturedData, &c) - next.ServeHTTP(responseWriter, req.WithContext(ctx)) + capt, ok := c.(*Capture) + if !ok { + return Capture{}, errors.New("value stored in context is not a *Capture") + } + return *capt, nil } // Capture is the object populated by the capture middleware, -// allowing to gather information about the request and response. +// holding probes that allow to gather information about the request and response. type Capture struct { rr *readCounter rw responseWriter } -// FromContext returns the Capture value found in ctx, or an empty Capture otherwise. 
-func FromContext(ctx context.Context) (*Capture, error) { - c := ctx.Value(capturedData) - if c == nil { - return nil, errors.New("value not found") - } - capt, ok := c.(*Capture) - if !ok { - return nil, errors.New("value stored in Context is not a *Capture") - } - return capt, nil +// NeedsReset returns whether the given http.ResponseWriter is the capture's probe. +func (c *Capture) NeedsReset(rw http.ResponseWriter) bool { + return c.rw != rw } -func (c Capture) ResponseSize() int64 { +// Reset returns a new handler that renews the Capture's probes, and inserts +// them when deferring to next. +func (c *Capture) Reset(next http.Handler) http.Handler { + return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { + ctx := context.WithValue(req.Context(), capturedData, c) + newReq := req.WithContext(ctx) + + if newReq.Body != nil { + readCounter := &readCounter{source: newReq.Body} + c.rr = readCounter + newReq.Body = readCounter + } + c.rw = newResponseWriter(rw) + + next.ServeHTTP(c.rw, newReq) + }) +} + +func (c *Capture) ResponseSize() int64 { return c.rw.Size() } -func (c Capture) StatusCode() int { +func (c *Capture) StatusCode() int { return c.rw.Status() } // RequestSize returns the size of the request's body if it applies, // zero otherwise. -func (c Capture) RequestSize() int64 { +func (c *Capture) RequestSize() int64 { if c.rr == nil { return 0 } diff --git a/pkg/middlewares/capture/capture_test.go b/pkg/middlewares/capture/capture_test.go index f6718ad6e..9d8f91fcf 100644 --- a/pkg/middlewares/capture/capture_test.go +++ b/pkg/middlewares/capture/capture_test.go @@ -38,9 +38,8 @@ func TestCapture(t *testing.T) { assert.Equal(t, "bar", string(all)) }) - wrapped := WrapHandler(&Handler{}) chain := alice.New() - chain = chain.Append(wrapped) + chain = chain.Append(Wrap) chain = chain.Append(wrapMiddleware) handlers, err := chain.Then(handler) require.NoError(t, err) 
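Review bot: `Wrap` allocates a single `Capture` when the constructor runs, and `Reset` closes over that pointer, so every request served by the returned handler assigns `c.rr` and `c.rw` on the same struct. With concurrent requests this is a data race, and the access-log and metrics readers can end up reporting another request's status code and sizes; a request with a nil body also leaves the previous request's `rr` in place. Allocating the Capture inside the per-request closure, as sketched below, removes the sharing. Separately, the `NeedsReset` comment reads inverted: the method returns `c.rw != rw`, which is true when the writer is not the capture's probe.

```go
func Wrap(handler http.Handler) (http.Handler, error) {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		// One Capture per request, so concurrent requests never share probes.
		c := &Capture{}
		c.Reset(handler).ServeHTTP(rw, req)
	}), nil
}
```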
@@ -142,8 +141,7 @@ func BenchmarkCapture(b *testing.B) { chain := alice.New() if test.capture || test.body { - captureWrapped := WrapHandler(&Handler{}) - chain = chain.Append(captureWrapped) + chain = chain.Append(Wrap) } handlers, err := chain.Then(next) require.NoError(b, err) diff --git a/pkg/middlewares/grpcweb/grpcweb.go b/pkg/middlewares/grpcweb/grpcweb.go new file mode 100644 index 000000000..b5dffe6f0 --- /dev/null +++ b/pkg/middlewares/grpcweb/grpcweb.go @@ -0,0 +1,27 @@ +package grpcweb + +import ( + "context" + "net/http" + + "github.com/improbable-eng/grpc-web/go/grpcweb" + "github.com/traefik/traefik/v2/pkg/config/dynamic" + "github.com/traefik/traefik/v2/pkg/log" + "github.com/traefik/traefik/v2/pkg/middlewares" +) + +const typeName = "grpc-web" + +// New builds a new gRPC web request converter. +func New(ctx context.Context, next http.Handler, config dynamic.GrpcWeb, name string) http.Handler { + log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)).Debug("Creating middleware") + + return grpcweb.WrapHandler(next, grpcweb.WithCorsForRegisteredEndpointsOnly(false), grpcweb.WithOriginFunc(func(origin string) bool { + for _, originCfg := range config.AllowOrigins { + if originCfg == "*" || originCfg == origin { + return true + } + } + return false + })) +} diff --git a/pkg/middlewares/ipwhitelist/ip_whitelist.go b/pkg/middlewares/ipallowlist/ip_allowlist.go similarity index 59% rename from pkg/middlewares/ipwhitelist/ip_whitelist.go rename to pkg/middlewares/ipallowlist/ip_allowlist.go index dde042b42..d700a9279 100644 --- a/pkg/middlewares/ipwhitelist/ip_whitelist.go +++ b/pkg/middlewares/ipallowlist/ip_allowlist.go @@ -1,4 +1,4 @@ -package ipwhitelist +package ipallowlist import ( "context" 
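Review bot: In the new `pkg/middlewares/grpcweb/grpcweb.go`, the origin callback in `New` returns true for any `Origin` as soon as `config.AllowOrigins` contains `"*"`, and `WithCorsForRegisteredEndpointsOnly(false)` applies that decision to every path behind the middleware; the doc comment states neither. I would document the contract on `New`, for example `// An AllowOrigins entry of "*" accepts every origin; an empty list rejects all cross-origin requests.` It is also worth confirming whether the wrapper's CORS layer allows credentials, since a wildcard combined with credentialed requests removes the origin restriction for authenticated responses. Matching is an exact string comparison, so scheme, case and port have to match the configured value exactly, which deserves a line in the option's documentation too.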
@@ -15,29 +15,29 @@ import ( ) const ( - typeName = "IPWhiteLister" + typeName = "IPAllowLister" ) -// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists. -type ipWhiteLister struct { +// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists. +type ipAllowLister struct { next http.Handler - whiteLister *ip.Checker + allowLister *ip.Checker strategy ip.Strategy name string } -// New builds a new IPWhiteLister given a list of CIDR-Strings to whitelist. -func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, name string) (http.Handler, error) { +// New builds a new IPAllowLister given a list of CIDR-Strings to allow. +func New(ctx context.Context, next http.Handler, config dynamic.IPAllowList, name string) (http.Handler, error) { logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)) logger.Debug("Creating middleware") if len(config.SourceRange) == 0 { - return nil, errors.New("sourceRange is empty, IPWhiteLister not created") + return nil, errors.New("sourceRange is empty, IPAllowLister not created") } checker, err := ip.NewChecker(config.SourceRange) if err != nil { - return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err) + return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err) } strategy, err := config.IPStrategy.Get() 
@@ -45,26 +45,26 @@ func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, nam return nil, err } - logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange) + logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange) - return &ipWhiteLister{ + return &ipAllowLister{ strategy: strategy, - whiteLister: checker, + allowLister: checker, next: next, name: name, }, nil } -func (wl *ipWhiteLister) GetTracingInformation() (string, ext.SpanKindEnum) { - return wl.name, tracing.SpanKindNoneEnum +func (al *ipAllowLister) GetTracingInformation() (string, ext.SpanKindEnum) { + return al.name, tracing.SpanKindNoneEnum } -func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) { - ctx := middlewares.GetLoggerCtx(req.Context(), wl.name, typeName) +func (al *ipAllowLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) { + ctx := middlewares.GetLoggerCtx(req.Context(), al.name, typeName) logger := log.FromContext(ctx) - clientIP := wl.strategy.GetIP(req) - err := wl.whiteLister.IsAuthorized(clientIP) + clientIP := al.strategy.GetIP(req) + err := al.allowLister.IsAuthorized(clientIP) if err != nil { msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err) logger.Debug(msg) @@ -74,7 +74,7 @@ func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) { } logger.Debugf("Accepting IP %s", clientIP) - wl.next.ServeHTTP(rw, req) + al.next.ServeHTTP(rw, req) } func reject(ctx context.Context, rw http.ResponseWriter) { diff --git a/pkg/middlewares/ipwhitelist/ip_whitelist_test.go b/pkg/middlewares/ipallowlist/ip_allowlist_test.go similarity index 73% rename from pkg/middlewares/ipwhitelist/ip_whitelist_test.go rename to pkg/middlewares/ipallowlist/ip_allowlist_test.go index 2fabbfae7..df2e49835 100644 --- a/pkg/middlewares/ipwhitelist/ip_whitelist_test.go +++ b/pkg/middlewares/ipallowlist/ip_allowlist_test.go 
@@ -1,4 +1,4 @@ -package ipwhitelist +package ipallowlist import ( "context" @@ -11,22 +11,22 @@ import ( "github.com/traefik/traefik/v2/pkg/config/dynamic" ) -func TestNewIPWhiteLister(t *testing.T) { +func TestNewIPAllowLister(t *testing.T) { testCases := []struct { desc string - whiteList dynamic.IPWhiteList + allowList dynamic.IPAllowList expectedError bool }{ { desc: "invalid IP", - whiteList: dynamic.IPWhiteList{ + allowList: dynamic.IPAllowList{ SourceRange: []string{"foo"}, }, expectedError: true, }, { desc: "valid IP", - whiteList: dynamic.IPWhiteList{ + allowList: dynamic.IPAllowList{ SourceRange: []string{"10.10.10.10"}, }, }, @@ -38,28 +38,28 @@ func TestNewIPWhiteLister(t *testing.T) { t.Parallel() next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) - whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") + allowLister, err := New(context.Background(), next, test.allowList, "traefikTest") if test.expectedError { assert.Error(t, err) } else { require.NoError(t, err) - assert.NotNil(t, whiteLister) + assert.NotNil(t, allowLister) } }) } } -func TestIPWhiteLister_ServeHTTP(t *testing.T) { +func TestIPAllowLister_ServeHTTP(t *testing.T) { testCases := []struct { desc string - whiteList dynamic.IPWhiteList + allowList dynamic.IPAllowList remoteAddr string expected int }{ { desc: "authorized with remote address", - whiteList: dynamic.IPWhiteList{ + allowList: dynamic.IPAllowList{ SourceRange: []string{"20.20.20.20"}, }, remoteAddr: "20.20.20.20:1234", @@ -67,7 +67,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) { }, { desc: "non authorized with remote address", - whiteList: dynamic.IPWhiteList{ + allowList: dynamic.IPAllowList{ SourceRange: []string{"20.20.20.20"}, }, remoteAddr: "20.20.20.21:1234", 
@@ -81,7 +81,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) { t.Parallel() next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) - whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") + allowLister, err := New(context.Background(), next, test.allowList, "traefikTest") require.NoError(t, err) recorder := httptest.NewRecorder() @@ -92,7 +92,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) { req.RemoteAddr = test.remoteAddr } - whiteLister.ServeHTTP(recorder, req) + allowLister.ServeHTTP(recorder, req) assert.Equal(t, test.expected, recorder.Code) }) diff --git a/pkg/middlewares/metrics/metrics.go b/pkg/middlewares/metrics/metrics.go index 08d0185cc..48ff699c7 100644 --- a/pkg/middlewares/metrics/metrics.go +++ b/pkg/middlewares/metrics/metrics.go @@ -24,6 +24,7 @@ const ( protoWebsocket = "websocket" typeName = "Metrics" nameEntrypoint = "metrics-entrypoint" + nameRouter = "metrics-router" nameService = "metrics-service" ) @@ -56,7 +57,7 @@ func NewEntryPointMiddleware(ctx context.Context, next http.Handler, registry me // NewRouterMiddleware creates a new metrics middleware for a Router. func NewRouterMiddleware(ctx context.Context, next http.Handler, registry metrics.Registry, routerName string, serviceName string) http.Handler { - log.FromContext(middlewares.GetLoggerCtx(ctx, nameEntrypoint, typeName)).Debug("Creating middleware") + log.FromContext(middlewares.GetLoggerCtx(ctx, nameRouter, typeName)).Debug("Creating middleware") return &metricsMiddleware{ next: next, 
@@ -125,17 +126,25 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request) m.reqsTLSCounter.With(tlsLabels...).Add(1) } - start := time.Now() - - m.next.ServeHTTP(rw, req) - ctx := req.Context() + capt, err := capture.FromContext(ctx) if err != nil { - log.FromContext(middlewares.GetLoggerCtx(ctx, nameEntrypoint, typeName)).Errorf("Could not get Capture: %w", err) + for i := 0; i < len(m.baseLabels); i += 2 { + ctx = log.With(ctx, log.Str(m.baseLabels[i], m.baseLabels[i+1])) + } + log.FromContext(ctx).WithError(err).Errorf("Could not get Capture") return } + next := m.next + if capt.NeedsReset(rw) { + next = capt.Reset(m.next) + } + + start := time.Now() + next.ServeHTTP(rw, req) + labels = append(labels, "code", strconv.Itoa(capt.StatusCode())) m.reqDurationHistogram.With(labels...).ObserveFromStart(start) m.reqsCounter.With(labels...).Add(1) diff --git a/pkg/middlewares/tcp/inflightconn/inflight_conn.go b/pkg/middlewares/tcp/inflightconn/inflight_conn.go index dbb602432..ddbb4bdab 100644 --- a/pkg/middlewares/tcp/inflightconn/inflight_conn.go +++ b/pkg/middlewares/tcp/inflightconn/inflight_conn.go @@ -1,4 +1,4 @@ -package tcpinflightconn +package inflightconn import ( "context" diff --git a/pkg/middlewares/tcp/inflightconn/inflight_conn_test.go b/pkg/middlewares/tcp/inflightconn/inflight_conn_test.go index 666df4317..138e92b41 100644 --- a/pkg/middlewares/tcp/inflightconn/inflight_conn_test.go +++ b/pkg/middlewares/tcp/inflightconn/inflight_conn_test.go @@ -1,4 +1,4 @@ -package tcpinflightconn +package inflightconn import ( "context" diff --git a/pkg/middlewares/tcp/ipwhitelist/ip_whitelist.go b/pkg/middlewares/tcp/ipallowlist/ip_allowlist.go similarity index 54% rename from pkg/middlewares/tcp/ipwhitelist/ip_whitelist.go rename to pkg/middlewares/tcp/ipallowlist/ip_allowlist.go index 755972e70..dd5d14d43 100644 --- a/pkg/middlewares/tcp/ipwhitelist/ip_whitelist.go +++ b/pkg/middlewares/tcp/ipallowlist/ip_allowlist.go 
@@ -1,4 +1,4 @@ -package tcpipwhitelist +package ipallowlist import ( "context" 
@@ -13,46 +13,46 @@ import ( ) const ( - typeName = "IPWhiteListerTCP" + typeName = "IPAllowListerTCP" ) -// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists. -type ipWhiteLister struct { +// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists. +type ipAllowLister struct { next tcp.Handler - whiteLister *ip.Checker + allowLister *ip.Checker name string } -// New builds a new TCP IPWhiteLister given a list of CIDR-Strings to whitelist. -func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPWhiteList, name string) (tcp.Handler, error) { +// New builds a new TCP IPAllowLister given a list of CIDR-Strings to allow. +func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPAllowList, name string) (tcp.Handler, error) { logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)) logger.Debug("Creating middleware") if len(config.SourceRange) == 0 { - return nil, errors.New("sourceRange is empty, IPWhiteLister not created") + return nil, errors.New("sourceRange is empty, IPAllowLister not created") } checker, err := ip.NewChecker(config.SourceRange) if err != nil { - return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err) + return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err) } - logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange) + logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange) - return &ipWhiteLister{ - whiteLister: checker, + return &ipAllowLister{ + allowLister: checker, next: next, name: name, }, nil } -func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) { - ctx := middlewares.GetLoggerCtx(context.Background(), wl.name, typeName) +func (al *ipAllowLister) ServeTCP(conn tcp.WriteCloser) { + ctx := middlewares.GetLoggerCtx(context.Background(), al.name, typeName) logger := log.FromContext(ctx) addr := 
conn.RemoteAddr().String() - err := wl.whiteLister.IsAuthorized(addr) + err := al.allowLister.IsAuthorized(addr) if err != nil { logger.Errorf("Connection from %s rejected: %v", addr, err) conn.Close() @@ -61,5 +61,5 @@ func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) { logger.Debugf("Connection from %s accepted", addr) - wl.next.ServeTCP(conn) + al.next.ServeTCP(conn) } diff --git a/pkg/middlewares/tcp/ipwhitelist/ip_whitelist_test.go b/pkg/middlewares/tcp/ipallowlist/ip_allowlist_test.go similarity index 76% rename from pkg/middlewares/tcp/ipwhitelist/ip_whitelist_test.go rename to pkg/middlewares/tcp/ipallowlist/ip_allowlist_test.go index 67780dfb6..4f3b59e15 100644 --- a/pkg/middlewares/tcp/ipwhitelist/ip_whitelist_test.go +++ b/pkg/middlewares/tcp/ipallowlist/ip_allowlist_test.go @@ -1,4 +1,4 @@ -package tcpipwhitelist +package ipallowlist import ( "context" @@ -12,27 +12,27 @@ import ( "github.com/traefik/traefik/v2/pkg/tcp" ) -func TestNewIPWhiteLister(t *testing.T) { +func TestNewIPAllowLister(t *testing.T) { testCases := []struct { desc string - whiteList dynamic.TCPIPWhiteList + allowList dynamic.TCPIPAllowList expectedError bool }{ { desc: "Empty config", - whiteList: dynamic.TCPIPWhiteList{}, + allowList: dynamic.TCPIPAllowList{}, expectedError: true, }, { desc: "invalid IP", - whiteList: dynamic.TCPIPWhiteList{ + allowList: dynamic.TCPIPAllowList{ SourceRange: []string{"foo"}, }, expectedError: true, }, { desc: "valid IP", - whiteList: dynamic.TCPIPWhiteList{ + allowList: dynamic.TCPIPAllowList{ SourceRange: []string{"10.10.10.10"}, }, }, 
@@ -44,28 +44,28 @@ func TestNewIPWhiteLister(t *testing.T) { t.Parallel() next := tcp.HandlerFunc(func(conn tcp.WriteCloser) {}) - whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") + allowLister, err := New(context.Background(), next, test.allowList, "traefikTest") if test.expectedError { assert.Error(t, err) } else { require.NoError(t, err) - assert.NotNil(t, whiteLister) + assert.NotNil(t, allowLister) } }) } } -func TestIPWhiteLister_ServeHTTP(t *testing.T) { +func TestIPAllowLister_ServeHTTP(t *testing.T) { testCases := []struct { desc string - whiteList dynamic.TCPIPWhiteList + allowList dynamic.TCPIPAllowList remoteAddr string expected string }{ { desc: "authorized with remote address", - whiteList: dynamic.TCPIPWhiteList{ + allowList: dynamic.TCPIPAllowList{ SourceRange: []string{"20.20.20.20"}, }, remoteAddr: "20.20.20.20:1234", @@ -73,7 +73,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) { }, { desc: "non authorized with remote address", - whiteList: dynamic.TCPIPWhiteList{ + allowList: dynamic.TCPIPAllowList{ SourceRange: []string{"20.20.20.20"}, }, remoteAddr: "20.20.20.21:1234", @@ -94,13 +94,13 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) { require.NoError(t, err) }) - whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") + allowLister, err := New(context.Background(), next, test.allowList, "traefikTest") require.NoError(t, err) server, client := net.Pipe() go func() { - whiteLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}}) + allowLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}}) }() read, err := io.ReadAll(server) diff --git a/pkg/provider/consulcatalog/config_test.go b/pkg/provider/consulcatalog/config_test.go index 3d54b5436..bb4653782 100644 --- a/pkg/provider/consulcatalog/config_test.go +++ b/pkg/provider/consulcatalog/config_test.go 
@@ -2022,7 +2022,7 @@ func Test_buildConfiguration(t *testing.T) { Name: "Test", Labels: map[string]string{ "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", - "traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar", "traefik.tcp.routers.Test.middlewares": "Middleware1", }, Address: "127.0.0.1", @@ -2041,7 +2041,7 @@ func Test_buildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/provider/docker/config_test.go b/pkg/provider/docker/config_test.go index ed8b58b7c..d5a9dca8c 100644 --- a/pkg/provider/docker/config_test.go +++ b/pkg/provider/docker/config_test.go @@ -2611,7 +2611,7 @@ func Test_buildConfiguration(t *testing.T) { Name: "Test", Labels: map[string]string{ "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", - "traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar", "traefik.tcp.routers.Test.middlewares": "Middleware1", }, NetworkSettings: networkSettings{ @@ -2638,7 +2638,7 @@ func Test_buildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/provider/ecs/config_test.go b/pkg/provider/ecs/config_test.go index a34a53766..3ab9c477d 100644 --- a/pkg/provider/ecs/config_test.go +++ b/pkg/provider/ecs/config_test.go 
@@ -2333,7 +2333,7 @@ func Test_buildConfiguration(t *testing.T) { name("Test"), labels(map[string]string{ "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", - "traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar", "traefik.tcp.routers.Test.middlewares": "Middleware1", }), iMachine( @@ -2356,7 +2356,7 @@ func Test_buildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware.yml b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware.yml index b36e821b2..19f83bd76 100644 --- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware.yml +++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware.yml @@ -1,10 +1,10 @@ apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: default spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 @@ -12,10 +12,10 @@ spec: apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: foo spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 --- @@ -36,6 +36,6 @@ spec: port: 8000 middlewares: - - name: ipwhitelist - - name: ipwhitelist + - name: ipallowlist + - name: ipallowlist namespace: foo diff --git a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_crossprovider.yml b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_crossprovider.yml index b672e56e9..731d8aaba 100644 --- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_crossprovider.yml +++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_crossprovider.yml 
@@ -1,10 +1,10 @@ apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: default spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 @@ -12,10 +12,10 @@ spec: apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: foo spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 --- @@ -36,9 +36,9 @@ spec: port: 8000 middlewares: - - name: ipwhitelist - - name: ipwhitelist + - name: ipallowlist + - name: ipallowlist namespace: foo - - name: ipwhitelist@file - - name: ipwhitelist-foo@file + - name: ipallowlist@file + - name: ipallowlist-foo@file namespace: foo diff --git a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_multiple_hyphens.yml b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_multiple_hyphens.yml index dc66091c2..ba7aed1c0 100644 --- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_multiple_hyphens.yml +++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_multiple_hyphens.yml @@ -4,7 +4,7 @@ metadata: name: multiple---hyphens namespace: default spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 diff --git a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_with_cross_namespace.yml b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_with_cross_namespace.yml index af8dd075d..8b631fc98 100644 --- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_with_cross_namespace.yml +++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_with_cross_namespace.yml @@ -1,10 +1,10 @@ apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: default spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 
@@ -12,10 +12,10 @@ spec: apiVersion: traefik.containo.us/v1alpha1 kind: MiddlewareTCP metadata: - name: ipwhitelist + name: ipallowlist namespace: cross-ns spec: - ipWhiteList: + ipAllowList: sourceRange: - 127.0.0.1/32 --- @@ -36,7 +36,7 @@ spec: port: 8000 middlewares: - - name: ipwhitelist + - name: ipallowlist - match: HostSNI(`bar.com`) services: @@ -44,5 +44,5 @@ spec: port: 8000 middlewares: - - name: ipwhitelist + - name: ipallowlist namespace: cross-ns diff --git a/pkg/provider/kubernetes/crd/kubernetes.go b/pkg/provider/kubernetes/crd/kubernetes.go index 04d55cef9..6a6fb1a9b 100644 --- a/pkg/provider/kubernetes/crd/kubernetes.go +++ b/pkg/provider/kubernetes/crd/kubernetes.go @@ -263,7 +263,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client) ReplacePath: middleware.Spec.ReplacePath, ReplacePathRegex: middleware.Spec.ReplacePathRegex, Chain: createChainMiddleware(ctxMid, middleware.Namespace, middleware.Spec.Chain), - IPWhiteList: middleware.Spec.IPWhiteList, + IPAllowList: middleware.Spec.IPAllowList, Headers: middleware.Spec.Headers, Errors: errorPage, RateLimit: rateLimit, @@ -279,6 +279,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client) PassTLSClientCert: middleware.Spec.PassTLSClientCert, Retry: retry, ContentType: middleware.Spec.ContentType, + GrpcWeb: middleware.Spec.GrpcWeb, Plugin: plugin, } } @@ -288,7 +289,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client) conf.TCP.Middlewares[id] = &dynamic.TCPMiddleware{ InFlightConn: middlewareTCP.Spec.InFlightConn, - IPWhiteList: middlewareTCP.Spec.IPWhiteList, + IPAllowList: middlewareTCP.Spec.IPAllowList, } } diff --git a/pkg/provider/kubernetes/crd/kubernetes_test.go b/pkg/provider/kubernetes/crd/kubernetes_test.go index 60c079406..1189364e5 100644 --- a/pkg/provider/kubernetes/crd/kubernetes_test.go +++ b/pkg/provider/kubernetes/crd/kubernetes_test.go 
@@ -119,18 +119,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) { "default-test.route-fdd3e9338e47a45efefc": { EntryPoints: []string{"foo"}, Service: "default-test.route-fdd3e9338e47a45efefc", - Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist"}, + Middlewares: []string{"default-ipallowlist", "foo-ipallowlist"}, Rule: "HostSNI(`foo.com`)", }, }, Middlewares: map[string]*dynamic.TCPMiddleware{ - "default-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "default-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, - "foo-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "foo-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, @@ -178,7 +178,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "default-multiple-hyphens": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, @@ -220,18 +220,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) { "default-test.route-fdd3e9338e47a45efefc": { EntryPoints: []string{"foo"}, Service: "default-test.route-fdd3e9338e47a45efefc", - Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist", "ipwhitelist@file", "ipwhitelist-foo@file"}, + Middlewares: []string{"default-ipallowlist", "foo-ipallowlist", "ipallowlist@file", "ipallowlist-foo@file"}, Rule: "HostSNI(`foo.com`)", }, }, Middlewares: map[string]*dynamic.TCPMiddleware{ - "default-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "default-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, - "foo-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "foo-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, 
@@ -5459,18 +5459,18 @@ func TestCrossNamespace(t *testing.T) { "default-test.route-fdd3e9338e47a45efefc": { EntryPoints: []string{"foo"}, Service: "default-test.route-fdd3e9338e47a45efefc", - Middlewares: []string{"default-ipwhitelist"}, + Middlewares: []string{"default-ipallowlist"}, Rule: "HostSNI(`foo.com`)", }, }, Middlewares: map[string]*dynamic.TCPMiddleware{ - "default-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "default-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, - "cross-ns-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "cross-ns-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, @@ -5513,24 +5513,24 @@ func TestCrossNamespace(t *testing.T) { "default-test.route-fdd3e9338e47a45efefc": { EntryPoints: []string{"foo"}, Service: "default-test.route-fdd3e9338e47a45efefc", - Middlewares: []string{"default-ipwhitelist"}, + Middlewares: []string{"default-ipallowlist"}, Rule: "HostSNI(`foo.com`)", }, "default-test.route-f44ce589164e656d231c": { EntryPoints: []string{"foo"}, Service: "default-test.route-f44ce589164e656d231c", - Middlewares: []string{"cross-ns-ipwhitelist"}, + Middlewares: []string{"cross-ns-ipallowlist"}, Rule: "HostSNI(`bar.com`)", }, }, Middlewares: map[string]*dynamic.TCPMiddleware{ - "default-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "default-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, - "cross-ns-ipwhitelist": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + "cross-ns-ipallowlist": { + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"127.0.0.1/32"}, }, }, diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go index b53f5905f..bde544b85 100644 --- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go 
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go @@ -32,7 +32,7 @@ type MiddlewareSpec struct { ReplacePath *dynamic.ReplacePath `json:"replacePath,omitempty"` ReplacePathRegex *dynamic.ReplacePathRegex `json:"replacePathRegex,omitempty"` Chain *Chain `json:"chain,omitempty"` - IPWhiteList *dynamic.IPWhiteList `json:"ipWhiteList,omitempty"` + IPAllowList *dynamic.IPAllowList `json:"ipAllowList,omitempty"` Headers *dynamic.Headers `json:"headers,omitempty"` Errors *ErrorPage `json:"errors,omitempty"` RateLimit *RateLimit `json:"rateLimit,omitempty"` @@ -48,6 +48,7 @@ type MiddlewareSpec struct { PassTLSClientCert *dynamic.PassTLSClientCert `json:"passTLSClientCert,omitempty"` Retry *Retry `json:"retry,omitempty"` ContentType *dynamic.ContentType `json:"contentType,omitempty"` + GrpcWeb *dynamic.GrpcWeb `json:"grpcWeb,omitempty"` // Plugin defines the middleware plugin configuration. // More info: https://doc.traefik.io/traefik/plugins/ Plugin map[string]apiextensionv1.JSON `json:"plugin,omitempty"` diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go index 28fc85d8f..2845b5357 100644 --- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go +++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go @@ -25,8 +25,8 @@ type MiddlewareTCP struct { type MiddlewareTCPSpec struct { // InFlightConn defines the InFlightConn middleware configuration. InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"` - // IPWhiteList defines the IPWhiteList middleware configuration. - IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"` + // IPAllowList defines the IPAllowList middleware configuration. + IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 
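Review bot: The tag `json:"ipAllowList,omitempty"` on `MiddlewareSpec.IPAllowList` (and on `MiddlewareTCPSpec.IPAllowList` in the middlewaretcp.go hunk) replaces the `ipWhiteList` key with no alias. A manifest that still uses `ipWhiteList` would presumably decode with this field nil, so the source-range restriction would not be built; whether CRD schema validation rejects the old key first is not visible here. Because this is an access-control setting, the rename should either keep reading the old key for a deprecation period or fail loudly, and the field comment should say which, e.g. `// IPAllowList defines the IPAllowList middleware configuration (replaces ipWhiteList; the old key is no longer read).` The new `GrpcWeb` field also has no doc comment, unlike `Plugin` just below it. Both struct definitions start and end outside these hunks.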
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go index 5dbd71621..45ffd09fd 100644 --- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go @@ -689,9 +689,9 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) { *out = new(Chain) (*in).DeepCopyInto(*out) } - if in.IPWhiteList != nil { - in, out := &in.IPWhiteList, &out.IPWhiteList - *out = new(dynamic.IPWhiteList) + if in.IPAllowList != nil { + in, out := &in.IPAllowList, &out.IPAllowList + *out = new(dynamic.IPAllowList) (*in).DeepCopyInto(*out) } if in.Headers != nil { @@ -769,6 +769,11 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) { *out = new(dynamic.ContentType) **out = **in } + if in.GrpcWeb != nil { + in, out := &in.GrpcWeb, &out.GrpcWeb + *out = new(dynamic.GrpcWeb) + (*in).DeepCopyInto(*out) + } if in.Plugin != nil { in, out := &in.Plugin, &out.Plugin *out = make(map[string]v1.JSON, len(*in)) @@ -857,9 +862,9 @@ func (in *MiddlewareTCPSpec) DeepCopyInto(out *MiddlewareTCPSpec) { *out = new(dynamic.TCPInFlightConn) **out = **in } - if in.IPWhiteList != nil { - in, out := &in.IPWhiteList, &out.IPWhiteList - *out = new(dynamic.TCPIPWhiteList) + if in.IPAllowList != nil { + in, out := &in.IPAllowList, &out.IPAllowList + *out = new(dynamic.TCPIPAllowList) (*in).DeepCopyInto(*out) } return diff --git a/pkg/provider/kv/kv_test.go b/pkg/provider/kv/kv_test.go index c77a05365..ad8a5b865 100644 --- a/pkg/provider/kv/kv_test.go +++ b/pkg/provider/kv/kv_test.go 
@@ -140,11 +140,11 @@ func Test_buildConfiguration(t *testing.T) { "traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name0": "foobar", "traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name1": "foobar", "traefik/http/middlewares/Middleware09/headers/browserXssFilter": "true", - "traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/0": "foobar", - "traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/1": "foobar", - "traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/0": "foobar", - "traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/1": "foobar", - "traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/depth": "42", + "traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/0": "foobar", + "traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/1": "foobar", + "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/0": "foobar", + "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/1": "foobar", + "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/depth": "42", "traefik/http/middlewares/Middleware11/inFlightReq/amount": "42", "traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/requestHost": "true", "traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/ipStrategy/depth": "42", @@ -340,7 +340,7 @@ func Test_buildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.Middleware{ "Middleware10": { - IPWhiteList: &dynamic.IPWhiteList{ + IPAllowList: &dynamic.IPAllowList{ SourceRange: []string{ "foobar", "foobar", diff --git a/pkg/provider/marathon/config_test.go b/pkg/provider/marathon/config_test.go index f49559ab9..038eae0b6 100644 --- a/pkg/provider/marathon/config_test.go +++ b/pkg/provider/marathon/config_test.go 
@@ -196,14 +196,14 @@ func TestBuildConfiguration(t *testing.T) { }, }, { - desc: "TCP with IP whitelist", + desc: "TCP with IP allowlist", applications: withApplications( application( appID("/app"), appPorts(80), withLabel("traefik.tcp.routers.Test.rule", "HostSNI(`foo.bar`)"), - withLabel("traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange", "foobar, fiibar"), + withLabel("traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange", "foobar, fiibar"), withLabel("traefik.tcp.routers.Test.middlewares", "Middleware1"), withTasks(localhostTask(taskPorts(80))), )), @@ -218,7 +218,7 @@ func TestBuildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/provider/nomad/config_test.go b/pkg/provider/nomad/config_test.go index 9d0aa21b8..653a5d28c 100644 --- a/pkg/provider/nomad/config_test.go +++ b/pkg/provider/nomad/config_test.go @@ -1621,7 +1621,7 @@ func Test_buildConfig(t *testing.T) { Name: "Test", Tags: []string{ "traefik.tcp.routers.Test.rule = HostSNI(`foo.bar`)", - "traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange = foobar, fiibar", + "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange = foobar, fiibar", "traefik.tcp.routers.Test.middlewares = Middleware1", }, Address: "127.0.0.1", @@ -1640,7 +1640,7 @@ func Test_buildConfig(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/provider/rancher/config_test.go b/pkg/provider/rancher/config_test.go index 2f94c559e..29f47a51f 100644 --- a/pkg/provider/rancher/config_test.go +++ b/pkg/provider/rancher/config_test.go 
@@ -508,7 +508,7 @@ func Test_buildConfiguration(t *testing.T) { Name: "Test", Labels: map[string]string{ "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", - "traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", + "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar", "traefik.tcp.routers.Test.middlewares": "Middleware1", }, Port: "80/tcp", @@ -528,7 +528,7 @@ func Test_buildConfiguration(t *testing.T) { }, Middlewares: map[string]*dynamic.TCPMiddleware{ "Middleware1": { - IPWhiteList: &dynamic.TCPIPWhiteList{ + IPAllowList: &dynamic.TCPIPAllowList{ SourceRange: []string{"foobar", "fiibar"}, }, }, diff --git a/pkg/redactor/redactor_config_test.go b/pkg/redactor/redactor_config_test.go index a3f7504aa..fddc3f455 100644 --- a/pkg/redactor/redactor_config_test.go +++ b/pkg/redactor/redactor_config_test.go @@ -191,7 +191,7 @@ func init() { Chain: &dynamic.Chain{ Middlewares: []string{"foo"}, }, - IPWhiteList: &dynamic.IPWhiteList{ + IPAllowList: &dynamic.IPAllowList{ SourceRange: []string{"foo"}, IPStrategy: &dynamic.IPStrategy{ Depth: 42, diff --git a/pkg/redactor/testdata/anonymized-dynamic-config.json b/pkg/redactor/testdata/anonymized-dynamic-config.json index 914818566..15e8d4cd6 100644 --- a/pkg/redactor/testdata/anonymized-dynamic-config.json +++ b/pkg/redactor/testdata/anonymized-dynamic-config.json @@ -119,7 +119,7 @@ "foo" ] }, - "ipWhiteList": { + "ipAllowList": { "sourceRange": [ "xxxx" ], @@ -478,4 +478,4 @@ } } } -} \ No newline at end of file +} diff --git a/pkg/redactor/testdata/secured-dynamic-config.json b/pkg/redactor/testdata/secured-dynamic-config.json index 352421884..996876708 100644 --- a/pkg/redactor/testdata/secured-dynamic-config.json +++ b/pkg/redactor/testdata/secured-dynamic-config.json @@ -119,7 +119,7 @@ "foo" ] }, - "ipWhiteList": { + "ipAllowList": { "sourceRange": [ "foo" ], @@ -483,4 +483,4 @@ } } } -} \ No newline at end of file +} 
diff --git a/pkg/server/middleware/chainbuilder.go b/pkg/server/middleware/chainbuilder.go index b4e1223a8..c5c833606 100644 --- a/pkg/server/middleware/chainbuilder.go +++ b/pkg/server/middleware/chainbuilder.go @@ -18,16 +18,14 @@ type ChainBuilder struct { metricsRegistry metrics.Registry accessLoggerMiddleware *accesslog.Handler tracer *tracing.Tracing - captureMiddleware *capture.Handler } // NewChainBuilder Creates a new ChainBuilder. -func NewChainBuilder(metricsRegistry metrics.Registry, accessLoggerMiddleware *accesslog.Handler, tracer *tracing.Tracing, captureMiddleware *capture.Handler) *ChainBuilder { +func NewChainBuilder(metricsRegistry metrics.Registry, accessLoggerMiddleware *accesslog.Handler, tracer *tracing.Tracing) *ChainBuilder { return &ChainBuilder{ metricsRegistry: metricsRegistry, accessLoggerMiddleware: accessLoggerMiddleware, tracer: tracer, - captureMiddleware: captureMiddleware, } } @@ -35,8 +33,8 @@ func NewChainBuilder(metricsRegistry metrics.Registry, accessLoggerMiddleware *a func (c *ChainBuilder) Build(ctx context.Context, entryPointName string) alice.Chain { chain := alice.New() - if c.captureMiddleware != nil { - chain = chain.Append(capture.WrapHandler(c.captureMiddleware)) + if c.accessLoggerMiddleware != nil || c.metricsRegistry != nil && (c.metricsRegistry.IsEpEnabled() || c.metricsRegistry.IsRouterEnabled() || c.metricsRegistry.IsSvcEnabled()) { + chain = chain.Append(capture.Wrap) } if c.accessLoggerMiddleware != nil { diff --git a/pkg/server/middleware/middlewares.go b/pkg/server/middleware/middlewares.go index 741c9a4f0..18c1f25ba 100644 --- a/pkg/server/middleware/middlewares.go +++ b/pkg/server/middleware/middlewares.go 
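Review bot: The new condition in `Build` mixes `||` and `&&` without grouping, so a reader has to recall that `&&` binds tighter to see that `c.metricsRegistry != nil` guards the three `Is…Enabled()` calls. Parenthesising the metrics half makes that explicit: `if c.accessLoggerMiddleware != nil || (c.metricsRegistry != nil && (c.metricsRegistry.IsEpEnabled() || c.metricsRegistry.IsRouterEnabled() || c.metricsRegistry.IsSvcEnabled())) {`. A one-line comment such as `// capture.Wrap is only needed by the access log and metrics middlewares` would also record why the condition lists exactly these consumers; that dependency is inferred from the condition, not shown in the hunk. The rest of `Build` lies outside the hunk.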
@@ -17,9 +17,10 @@ import ( "github.com/traefik/traefik/v2/pkg/middlewares/circuitbreaker" "github.com/traefik/traefik/v2/pkg/middlewares/compress" "github.com/traefik/traefik/v2/pkg/middlewares/customerrors" + "github.com/traefik/traefik/v2/pkg/middlewares/grpcweb" "github.com/traefik/traefik/v2/pkg/middlewares/headers" "github.com/traefik/traefik/v2/pkg/middlewares/inflightreq" - "github.com/traefik/traefik/v2/pkg/middlewares/ipwhitelist" + "github.com/traefik/traefik/v2/pkg/middlewares/ipallowlist" "github.com/traefik/traefik/v2/pkg/middlewares/passtlsclientcert" "github.com/traefik/traefik/v2/pkg/middlewares/ratelimiter" "github.com/traefik/traefik/v2/pkg/middlewares/redirect" @@ -219,6 +220,16 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) ( } } + // GrpcWeb + if config.GrpcWeb != nil { + if middleware != nil { + return nil, badConf + } + middleware = func(next http.Handler) (http.Handler, error) { + return grpcweb.New(ctx, next, *config.GrpcWeb, middlewareName), nil + } + } + // Headers if config.Headers != nil { if middleware != nil { @@ -229,13 +240,13 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) ( } } - // IPWhiteList - if config.IPWhiteList != nil { + // IPAllowList + if config.IPAllowList != nil { if middleware != nil { return nil, badConf } middleware = func(next http.Handler) (http.Handler, error) { - return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName) + return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName) } } diff --git a/pkg/server/middleware/tcp/middlewares.go b/pkg/server/middleware/tcp/middlewares.go index 7e1ad1e17..ad6320a46 100644 --- a/pkg/server/middleware/tcp/middlewares.go +++ b/pkg/server/middleware/tcp/middlewares.go 
@@ -6,8 +6,8 @@ import ( "strings" "github.com/traefik/traefik/v2/pkg/config/runtime" - inflightconn "github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn" - ipwhitelist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipwhitelist" + "github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn" + "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipallowlist" "github.com/traefik/traefik/v2/pkg/server/provider" "github.com/traefik/traefik/v2/pkg/tcp" ) @@ -94,10 +94,10 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) ( } } - // IPWhiteList - if config.IPWhiteList != nil { + // IPAllowList + if config.IPAllowList != nil { middleware = func(next tcp.Handler) (tcp.Handler, error) { - return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName) + return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName) } } diff --git a/pkg/server/router/router_test.go b/pkg/server/router/router_test.go index 383fac0c2..5c4f38ee1 100644 --- a/pkg/server/router/router_test.go +++ b/pkg/server/router/router_test.go @@ -316,7 +316,7 @@ func TestRouterManager_Get(t *testing.T) { roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}}) serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) - chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil) + chainBuilder := middleware.NewChainBuilder(nil, nil, nil) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) 
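Review bot: The `IPAllowList` branch of the TCP `buildConstructor` assigns `middleware` unconditionally, whereas the HTTP builder in pkg/server/middleware/middlewares.go returns `badConf` when `middleware != nil`. If one TCP middleware definition sets both `InFlightConn` and `IPAllowList`, the constructor assigned earlier (apparently InFlightConn, which sits above this hunk) would be silently replaced rather than rejected, so one of the two configured restrictions is dropped without an error. Adding the same guard at the top of this branch, `if middleware != nil { return nil, badConf }`, would make that misconfiguration fail; whether `badConf` or an equivalent error value exists in this package is not visible here. The function starts and ends outside the hunk.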
@@ -422,7 +422,7 @@ func TestAccessLog(t *testing.T) { roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}}) serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) - chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil) + chainBuilder := middleware.NewChainBuilder(nil, nil, nil) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) @@ -439,7 +439,7 @@ func TestAccessLog(t *testing.T) { reqHost := requestdecorator.New(nil) chain := alice.New() - chain = chain.Append(capture.WrapHandler(&capture.Handler{})) + chain = chain.Append(capture.Wrap) chain = chain.Append(accesslog.WrapHandler(accesslogger)) handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { reqHost.ServeHTTP(w, req, handlers["web"].ServeHTTP) @@ -717,7 +717,7 @@ func TestRuntimeConfiguration(t *testing.T) { roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}}) serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) - chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil) + chainBuilder := middleware.NewChainBuilder(nil, nil, nil) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) 
@@ -792,7 +792,7 @@ func TestProviderOnMiddlewares(t *testing.T) { roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}}) serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) - chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil) + chainBuilder := middleware.NewChainBuilder(nil, nil, nil) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) @@ -860,7 +860,7 @@ func BenchmarkRouterServe(b *testing.B) { serviceManager := service.NewManager(rtConf.Services, nil, nil, staticRoundTripperGetter{res}) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) - chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil) + chainBuilder := middleware.NewChainBuilder(nil, nil, nil) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) diff --git a/pkg/server/routerfactory_test.go b/pkg/server/routerfactory_test.go index 0afa69584..6358d4cbf 100644 --- a/pkg/server/routerfactory_test.go +++ b/pkg/server/routerfactory_test.go @@ -53,7 +53,7 @@ func TestReuseService(t *testing.T) { managerFactory := service.NewManagerFactory(staticConfig, nil, metrics.NewVoidRegistry(), roundTripperManager, nil) tlsManager := tls.NewManager() - factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil, nil), nil, metrics.NewVoidRegistry()) + factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil), nil, metrics.NewVoidRegistry()) entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: dynamicConfigs})) 
@@ -189,7 +189,7 @@ func TestServerResponseEmptyBackend(t *testing.T) { managerFactory := service.NewManagerFactory(staticConfig, nil, metrics.NewVoidRegistry(), roundTripperManager, nil) tlsManager := tls.NewManager() - factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil, nil), nil, metrics.NewVoidRegistry()) + factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil), nil, metrics.NewVoidRegistry()) entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: test.config(testServer.URL)})) @@ -232,7 +232,7 @@ func TestInternalServices(t *testing.T) { voidRegistry := metrics.NewVoidRegistry() - factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(voidRegistry, nil, nil, nil), nil, voidRegistry) + factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(voidRegistry, nil, nil), nil, voidRegistry) entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: dynamicConfigs})) diff --git a/pkg/server/service/proxy_websocket_test.go b/pkg/server/service/proxy_websocket_test.go index 8b58cf94a..84e6a1aef 100644 --- a/pkg/server/service/proxy_websocket_test.go +++ b/pkg/server/service/proxy_websocket_test.go 
@@ -593,9 +593,11 @@ func TestWebSocketTransferTLSConfig(t *testing.T) { require.NoError(t, err) assert.Equal(t, "ok", resp) - http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true} + // Don't alter default transport to prevent side effects on other tests. + defaultTransport := http.DefaultTransport.(*http.Transport).Clone() + defaultTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} - forwarderWithTLSConfigFromDefaultTransport, err := buildProxy(Bool(true), nil, http.DefaultTransport, nil) + forwarderWithTLSConfigFromDefaultTransport, err := buildProxy(Bool(true), nil, defaultTransport, nil) require.NoError(t, err) proxyWithTLSConfigFromDefaultTransport := createProxyWithForwarder(t, forwarderWithTLSConfigFromDefaultTransport, srv.URL) diff --git a/pkg/server/service/roundtripper_test.go b/pkg/server/service/roundtripper_test.go index 37d543674..d11e2f693 100644 --- a/pkg/server/service/roundtripper_test.go +++ b/pkg/server/service/roundtripper_test.go @@ -283,11 +283,11 @@ func TestSpiffeMTLS(t *testing.T) { } testCases := []struct { - desc string - config dynamic.Spiffe - clientSource SpiffeX509Source - wantStatusCode int - wantErrorMessage string + desc string + config dynamic.Spiffe + clientSource SpiffeX509Source + wantStatusCode int + wantError bool }{ { desc: "supports SPIFFE mTLS", @@ -308,8 +308,8 @@ func TestSpiffeMTLS(t *testing.T) { config: dynamic.Spiffe{ IDs: []string{"spiffe://traefik.test/not-server"}, }, - clientSource: &clientSource, - wantErrorMessage: `unexpected ID "spiffe://traefik.test/server"`, + clientSource: &clientSource, + wantError: true, }, { desc: "allows expected server trust domain", 
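Review bot: Replacing `wantErrorMessage string` with `wantError bool` in `TestSpiffeMTLS` (the hunks at -283 and -308 here, and those at -324, -333 and -362 that follow) lets the negative cases pass on any error from `client.Get`, including one unrelated to SPIFFE verification. The unexpected-ID and unexpected-trust-domain cases are authorization checks, so the test should still tell a rejection by the verifier apart from, say, a connection failure. If the full message is too brittle, keep the field with a short stable substring such as `unexpected ID` or `unexpected trust domain` and assert `require.ErrorContains(t, err, test.wantErrorMessage)`. The test table and the assertion loop continue outside these hunks.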
@@ -324,8 +324,8 @@ func TestSpiffeMTLS(t *testing.T) { config: dynamic.Spiffe{ TrustDomain: "spiffe://not-traefik.test", }, - clientSource: &clientSource, - wantErrorMessage: `unexpected trust domain "traefik.test"`, + clientSource: &clientSource, + wantError: true, }, { desc: "spiffe IDs allowlist takes precedence", @@ -333,14 +333,14 @@ func TestSpiffeMTLS(t *testing.T) { IDs: []string{"spiffe://traefik.test/not-server"}, TrustDomain: "spiffe://not-traefik.test", }, - clientSource: &clientSource, - wantErrorMessage: `unexpected ID "spiffe://traefik.test/server"`, + clientSource: &clientSource, + wantError: true, }, { - desc: "raises an error when spiffe is enabled on the transport but no workloadapi address is given", - config: dynamic.Spiffe{}, - clientSource: nil, - wantErrorMessage: `remote error: tls: bad certificate`, + desc: "raises an error when spiffe is enabled on the transport but no workloadapi address is given", + config: dynamic.Spiffe{}, + clientSource: nil, + wantError: true, }, } @@ -362,8 +362,8 @@ func TestSpiffeMTLS(t *testing.T) { client := http.Client{Transport: tr} resp, err := client.Get(srv.URL) - if test.wantErrorMessage != "" { - assert.ErrorContains(t, err, test.wantErrorMessage) + if test.wantError { + require.Error(t, err) return } diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index 46502fc32..228224a30 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v2.9.1 +# example new bugfix v2.9.2 CurrentRef = "v2.9" -PreviousRef = "v2.9.0" +PreviousRef = "v2.9.1" BaseBranch = "v2.9" -FutureCurrentRefName = "v2.9.0" +FutureCurrentRefName = "v2.9.2" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 diff --git a/webui/src/components/_commons/PanelMiddlewares.vue b/webui/src/components/_commons/PanelMiddlewares.vue index ef0a56e0d..9c94cdfcd 100644 
--- a/webui/src/components/_commons/PanelMiddlewares.vue +++ b/webui/src/components/_commons/PanelMiddlewares.vue @@ -675,8 +675,8 @@ - - + +
Source Range
@@ -689,8 +689,8 @@
- - + +
IP Strategy
@@ -1076,8 +1076,8 @@ - - + +
Source Range