Merge github.com:traefik/traefik

This commit is contained in:
baalajimaestro 2022-11-05 19:21:44 +05:30
commit f6ee1b343a
Signed by: baalajimaestro
GPG key ID: F93C394FE9BBAFD5
95 changed files with 1075 additions and 638 deletions

View file

@ -56,7 +56,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Cache Go modules - name: Cache Go modules
uses: actions/cache@v2 uses: actions/cache@v3
with: with:
path: | path: |
~/go/pkg/mod ~/go/pkg/mod

View file

@ -31,7 +31,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Cache Go modules - name: Cache Go modules
uses: actions/cache@v2 uses: actions/cache@v3
with: with:
path: | path: |
~/go/pkg/mod ~/go/pkg/mod

View file

@ -33,7 +33,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Cache Go modules - name: Cache Go modules
uses: actions/cache@v2 uses: actions/cache@v3
with: with:
path: | path: |
~/go/pkg/mod ~/go/pkg/mod
@ -73,7 +73,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Cache Go modules - name: Cache Go modules
uses: actions/cache@v2 uses: actions/cache@v3
with: with:
path: | path: |
~/go/pkg/mod ~/go/pkg/mod

View file

@ -75,7 +75,6 @@ linters-settings:
- github.com/mailgun/minheap - github.com/mailgun/minheap
- github.com/mailgun/multibuf - github.com/mailgun/multibuf
- github.com/jaguilar/vt100 - github.com/jaguilar/vt100
- github.com/BurntSushi/toml
linters: linters:
enable-all: true enable-all: true

View file

@ -22,22 +22,23 @@ builds:
- openbsd - openbsd
goarch: goarch:
- amd64 - amd64
- 386 - '386'
- arm - arm
- arm64 - arm64
- ppc64le - ppc64le
- s390x - s390x
goarm: goarm:
- 7 - '7'
- 6 - '6'
- 5
ignore: ignore:
- goos: darwin - goos: darwin
goarch: 386 goarch: '386'
- goos: openbsd - goos: openbsd
goarch: arm goarch: arm
- goos: openbsd - goos: openbsd
goarch: arm64 goarch: arm64
- goos: freebsd
goarch: arm
- goos: freebsd - goos: freebsd
goarch: arm64 goarch: arm64
- goos: windows - goos: windows

View file

@ -1,3 +1,29 @@
## [v2.9.4](https://github.com/traefik/traefik/tree/v2.9.4) (2022-10-27)
[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.4)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.9.0 ([#9413](https://github.com/traefik/traefik/pull/9413) by [tony-defa](https://github.com/tony-defa))
- **[kv,redis]** Fix Redis configuration type ([#9435](https://github.com/traefik/traefik/pull/9435) by [ldez](https://github.com/ldez))
- **[logs,middleware,metrics]** Handle capture on redefined http.responseWriters ([#9440](https://github.com/traefik/traefik/pull/9440) by [rtribotte](https://github.com/rtribotte))
- **[middleware,k8s]** Remove raw cert escape in PassTLSClientCert middleware ([#9412](https://github.com/traefik/traefik/pull/9412) by [rtribotte](https://github.com/rtribotte))
- **[plugins]** Update Yaegi to v0.14.3 ([#9468](https://github.com/traefik/traefik/pull/9468) by [ldez](https://github.com/ldez))
- Remove side effect on default transport tests ([#9460](https://github.com/traefik/traefik/pull/9460) by [sdelicata](https://github.com/sdelicata))
**Documentation:**
- **[k8s]** Fix links to gateway API guides ([#9445](https://github.com/traefik/traefik/pull/9445) by [kevinpollet](https://github.com/kevinpollet))
- Simplify dashboard rule example ([#9454](https://github.com/traefik/traefik/pull/9454) by [sosoba](https://github.com/sosoba))
- Add v2.9 to release page ([#9438](https://github.com/traefik/traefik/pull/9438) by [kevinpollet](https://github.com/kevinpollet))
## [v2.9.3](https://github.com/traefik/traefik/tree/v2.9.3) (2022-10-27)
[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.3)
Release canceled.
## [v2.9.2](https://github.com/traefik/traefik/tree/v2.9.2) (2022-10-27)
[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.2)
Release canceled.
## [v2.9.1](https://github.com/traefik/traefik/tree/v2.9.1) (2022-10-03) ## [v2.9.1](https://github.com/traefik/traefik/tree/v2.9.1) (2022-10-03)
[All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc1...v2.9.1) [All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc1...v2.9.1)

View file

@ -189,7 +189,7 @@ generate-genconf:
.PHONY: release-packages .PHONY: release-packages
release-packages: generate-webui build-dev-image release-packages: generate-webui build-dev-image
rm -rf dist rm -rf dist
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish --timeout="90m" $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish -p 4 --timeout="90m"
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \ $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \
--exclude-vcs \ --exclude-vcs \
--exclude .idea \ --exclude .idea \

View file

@ -32,7 +32,6 @@ import (
"github.com/traefik/traefik/v2/pkg/log" "github.com/traefik/traefik/v2/pkg/log"
"github.com/traefik/traefik/v2/pkg/metrics" "github.com/traefik/traefik/v2/pkg/metrics"
"github.com/traefik/traefik/v2/pkg/middlewares/accesslog" "github.com/traefik/traefik/v2/pkg/middlewares/accesslog"
"github.com/traefik/traefik/v2/pkg/middlewares/capture"
"github.com/traefik/traefik/v2/pkg/provider/acme" "github.com/traefik/traefik/v2/pkg/provider/acme"
"github.com/traefik/traefik/v2/pkg/provider/aggregator" "github.com/traefik/traefik/v2/pkg/provider/aggregator"
"github.com/traefik/traefik/v2/pkg/provider/hub" "github.com/traefik/traefik/v2/pkg/provider/hub"
@ -287,9 +286,8 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
accessLog := setupAccessLog(staticConfiguration.AccessLog) accessLog := setupAccessLog(staticConfiguration.AccessLog)
tracer := setupTracing(staticConfiguration.Tracing) tracer := setupTracing(staticConfiguration.Tracing)
captureMiddleware := setupCapture(staticConfiguration)
chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer, captureMiddleware) chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer)
routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder, metricsRegistry) routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder, metricsRegistry)
// Watcher // Watcher
@ -638,13 +636,6 @@ func setupTracing(conf *static.Tracing) *tracing.Tracing {
return tracer return tracer
} }
func setupCapture(staticConfiguration *static.Configuration) *capture.Handler {
if staticConfiguration.AccessLog == nil && staticConfiguration.Metrics == nil {
return nil
}
return &capture.Handler{}
}
func configureLogging(staticConfiguration *static.Configuration) { func configureLogging(staticConfiguration *static.Configuration) {
// configure default log flags // configure default log flags
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags) stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)

Binary file not shown.

Before

Width:  |  Height:  |  Size: 58 KiB

View file

@ -15,7 +15,7 @@ It makes reusing the same groups easier.
## Configuration Example ## Configuration Example
Below is an example of a Chain containing `WhiteList`, `BasicAuth`, and `RedirectScheme`. Below is an example of a Chain containing `AllowList`, `BasicAuth`, and `RedirectScheme`.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
@ -25,7 +25,7 @@ labels:
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
- "traefik.http.services.service1.loadbalancer.server.port=80" - "traefik.http.services.service1.loadbalancer.server.port=80"
``` ```
@ -80,7 +80,7 @@ kind: Middleware
metadata: metadata:
name: known-ips name: known-ips
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 192.168.1.7 - 192.168.1.7
- 127.0.0.1/32 - 127.0.0.1/32
@ -93,7 +93,7 @@ spec:
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
- "traefik.http.services.service1.loadbalancer.server.port=80" - "traefik.http.services.service1.loadbalancer.server.port=80"
``` ```
@ -105,7 +105,7 @@ spec:
"traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users", "traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
"traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"traefik.http.middlewares.https-only.redirectscheme.scheme": "https", "traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
"traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32", "traefik.http.middlewares.known-ips.ipallowlist.sourceRange": "192.168.1.7,127.0.0.1/32",
"traefik.http.services.service1.loadbalancer.server.port": "80" "traefik.http.services.service1.loadbalancer.server.port": "80"
} }
``` ```
@ -118,7 +118,7 @@ labels:
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
- "traefik.http.services.service1.loadbalancer.server.port=80" - "traefik.http.services.service1.loadbalancer.server.port=80"
``` ```
@ -150,7 +150,7 @@ http:
scheme: https scheme: https
known-ips: known-ips:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "192.168.1.7" - "192.168.1.7"
- "127.0.0.1/32" - "127.0.0.1/32"
@ -180,7 +180,7 @@ http:
[http.middlewares.https-only.redirectScheme] [http.middlewares.https-only.redirectScheme]
scheme = "https" scheme = "https"
[http.middlewares.known-ips.ipWhiteList] [http.middlewares.known-ips.ipAllowList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"] sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services] [http.services]

View file

@ -0,0 +1,77 @@
---
title: "Traefik GrpcWeb Documentation"
description: "In Traefik Proxy's HTTP middleware, GrpcWeb converts a gRPC Web requests to HTTP/2 gRPC requests. Read the technical documentation."
---
# GrpcWeb
Converting gRPC Web requests to HTTP/2 gRPC requests.
{: .subtitle }
The GrpcWeb middleware converts gRPC Web requests to HTTP/2 gRPC requests before forwarding them to the backends.
!!! tip
Please note, that Traefik needs to communicate using gRPC with the backends (h2c or HTTP/2 over TLS).
Check out the [gRPC](../../user-guides/grpc.md) user guide for more details.
## Configuration Examples
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-grpcweb.grpcweb.allowOrigins=*"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-grpcweb
spec:
grpcWeb:
allowOrigins:
- "*"
```
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-grpcweb.grpcWeb.allowOrigins=*"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-grpcweb.grpcweb.alloworigins": "*"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-grpcweb.grpcweb.alloworigins=*"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-grpcweb:
grpcWeb:
allowOrigins:
- "*"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-grpcweb.grpcWeb]
allowOrigins = ["*"]
```
## Configuration Options
### `allowOrigins`
The `allowOrigins` contains the list of allowed origins.
A wildcard origin `*` can also be configured to match all requests.
More information including how to use the settings can be found at:
- [Mozilla.org](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin)
- [w3](https://fetch.spec.whatwg.org/#http-access-control-allow-origin)
- [IETF](https://tools.ietf.org/html/rfc6454#section-7.1)

View file

@ -1,32 +1,30 @@
--- ---
title: "Traefik HTTP Middlewares IPWhiteList" title: "Traefik HTTP Middlewares IPAllowList"
description: "Learn how to use IPWhiteList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." description: "Learn how to use IPAllowList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
--- ---
# IPWhiteList # IPAllowList
Limiting Clients to Specific IPs Limiting Clients to Specific IPs
{: .subtitle } {: .subtitle }
![IpWhiteList](../../assets/img/middleware/ipwhitelist.png) IPAllowList accepts / refuses requests based on the client IP.
IPWhitelist accepts / refuses requests based on the client IP.
## Configuration Examples ## Configuration Examples
```yaml tab="Docker" ```yaml tab="Docker"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -34,27 +32,27 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Accepts request from defined IP # Accepts request from defined IP
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7" "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Accepts request from defined IP # Accepts request from defined IP
http: http:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
@ -63,7 +61,7 @@ http:
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Accepts request from defined IP # Accepts request from defined IP
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
``` ```
@ -86,7 +84,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
!!! example "Examples of Depth & X-Forwarded-For" !!! example "Examples of Depth & X-Forwarded-For"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`). If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
| `X-Forwarded-For` | `depth` | clientIP | | `X-Forwarded-For` | `depth` | clientIP |
|-----------------------------------------|---------|--------------| |-----------------------------------------|---------|--------------|
@ -95,20 +93,20 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` | | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
```yaml tab="Docker" ```yaml tab="Docker"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -117,31 +115,31 @@ spec:
``` ```
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7", "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth": "2" "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
http: http:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
@ -150,11 +148,11 @@ http:
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
depth = 2 depth = 2
``` ```
@ -177,7 +175,7 @@ http:
```yaml tab="Docker" ```yaml tab="Docker"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -185,9 +183,9 @@ labels:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- 127.0.0.1/32 - 127.0.0.1/32
@ -196,27 +194,27 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
http: http:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- "127.0.0.1/32" - "127.0.0.1/32"
@ -226,7 +224,7 @@ http:
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipallowlist.ipAllowList]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"] excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
``` ```

View file

@ -142,7 +142,7 @@ http:
| [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle | | [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle |
| [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication | | [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication |
| [Headers](headers.md) | Adds / Updates headers | Security | | [Headers](headers.md) | Adds / Updates headers | Security |
| [IPWhiteList](ipwhitelist.md) | Limits the allowed client IPs | Security, Request lifecycle | | [IPAllowList](ipallowlist.md) | Limits the allowed client IPs | Security, Request lifecycle |
| [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle | | [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle |
| [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security | | [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security |
| [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle | | [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle |

View file

@ -1,30 +1,30 @@
--- ---
title: "Traefik TCP Middlewares IPWhiteList" title: "Traefik TCP Middlewares IPAllowList"
description: "Learn how to use IPWhiteList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." description: "Learn how to use IPAllowList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
--- ---
# IPWhiteList # IPAllowList
Limiting Clients to Specific IPs Limiting Clients to Specific IPs
{: .subtitle } {: .subtitle }
IPWhitelist accepts / refuses connections based on the client IP. IPAllowList accepts / refuses connections based on the client IP.
## Configuration Examples ## Configuration Examples
```yaml tab="Docker" ```yaml tab="Docker"
# Accepts connections from defined IP # Accepts connections from defined IP
labels: labels:
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -32,25 +32,25 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Accepts request from defined IP # Accepts request from defined IP
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7" "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Accepts request from defined IP # Accepts request from defined IP
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.test-ipwhitelist.ipWhiteList] [tcp.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
``` ```
@ -58,8 +58,8 @@ labels:
# Accepts request from defined IP # Accepts request from defined IP
tcp: tcp:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"

View file

@ -18,10 +18,10 @@ whoami:
# A container that exposes an API to show its IP address # A container that exposes an API to show its IP address
image: traefik/whoami image: traefik/whoami
labels: labels:
# Create a middleware named `foo-ip-whitelist` # Create a middleware named `foo-ip-allowlist`
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
# Apply the middleware named `foo-ip-whitelist` to the router named `router1` # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@docker" - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@docker"
``` ```
```yaml tab="Kubernetes IngressRoute" ```yaml tab="Kubernetes IngressRoute"
@ -43,9 +43,9 @@ spec:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: foo-ip-whitelist name: foo-ip-allowlist
spec: spec:
ipWhiteList: ipAllowList:
sourcerange: sourcerange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -60,30 +60,30 @@ spec:
routes: routes:
# more fields... # more fields...
middlewares: middlewares:
- name: foo-ip-whitelist - name: foo-ip-allowlist
``` ```
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Create a middleware named `foo-ip-whitelist` # Create a middleware named `foo-ip-allowlist`
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
# Apply the middleware named `foo-ip-whitelist` to the router named `router1` # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@consulcatalog" - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@consulcatalog"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7", "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7",
"traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@marathon" "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@marathon"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# As a Rancher Label # As a Rancher Label
labels: labels:
# Create a middleware named `foo-ip-whitelist` # Create a middleware named `foo-ip-allowlist`
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
# Apply the middleware named `foo-ip-whitelist` to the router named `router1` # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@rancher" - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@rancher"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -91,11 +91,11 @@ labels:
[tcp.routers] [tcp.routers]
[tcp.routers.router1] [tcp.routers.router1]
service = "myService" service = "myService"
middlewares = ["foo-ip-whitelist"] middlewares = ["foo-ip-allowlist"]
rule = "Host(`example.com`)" rule = "Host(`example.com`)"
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.foo-ip-whitelist.ipWhiteList] [tcp.middlewares.foo-ip-allowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[tcp.services] [tcp.services]
@ -114,12 +114,12 @@ tcp:
router1: router1:
service: myService service: myService
middlewares: middlewares:
- "foo-ip-whitelist" - "foo-ip-allowlist"
rule: "Host(`example.com`)" rule: "Host(`example.com`)"
middlewares: middlewares:
foo-ip-whitelist: foo-ip-allowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
@ -137,4 +137,4 @@ tcp:
| Middleware | Purpose | Area | | Middleware | Purpose | Area |
|-------------------------------------------|---------------------------------------------------|-----------------------------| |-------------------------------------------|---------------------------------------------------|-----------------------------|
| [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle | | [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle |
| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs. | Security, Request lifecycle | | [IPAllowList](ipallowlist.md) | Limit the allowed client IPs. | Security, Request lifecycle |

View file

@ -0,0 +1,18 @@
---
title: "Traefik V3 Migration Documentation"
description: "Migrate from Traefik Proxy v2 to v3 and update all the necessary configurations to take advantage of all the improvements. Read the technical documentation."
---
# Migration Guide: From v2 to v3
How to Migrate from Traefik v2 to Traefik v3.
{: .subtitle }
The version 3 of Traefik introduces a number of breaking changes,
which require one to update their configuration when they migrate from v2 to v3.
The goal of this page is to recapitulate all of these changes, and in particular to give examples,
feature by feature, of how the configuration looked like in v2, and how it now looks like in v3.
## IPWhiteList
In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration.

View file

@ -72,7 +72,7 @@ to allow defining:
- One or more security features through [middlewares](../middlewares/overview.md) - One or more security features through [middlewares](../middlewares/overview.md)
like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md), like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md),
[forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md). [forwardAuth](../middlewares/http/forwardauth.md)) or [allowlisting](../middlewares/http/ipallowlist.md).
- A [router rule](#dashboard-router-rule) for accessing the dashboard, - A [router rule](#dashboard-router-rule) for accessing the dashboard,
through Traefik itself (sometimes referred as "Traefik-ception"). through Traefik itself (sometimes referred as "Traefik-ception").
@ -93,12 +93,12 @@ rule = "Host(`traefik.example.com`)"
```bash tab="Path Prefix Rule" ```bash tab="Path Prefix Rule"
# The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/ # The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/
rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)" rule = "PathPrefix(`/api`, `/dashboard`)"
``` ```
```bash tab="Combination of Rules" ```bash tab="Combination of Rules"
# The dashboard can be accessed on http://traefik.example.com/dashboard/ # The dashboard can be accessed on http://traefik.example.com/dashboard/
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" rule = "Host(`traefik.example.com`) && PathPrefix(`/api`, `/dashboard`)"
``` ```
??? example "Dashboard Dynamic Configuration Examples" ??? example "Dashboard Dynamic Configuration Examples"

View file

@ -18,7 +18,7 @@ It supports providing configuration through a [single configuration file](#filen
!!! tip !!! tip
The file provider can be a good solution for reusing common elements from other providers (e.g. declaring whitelist middlewares, basic authentication, ...) The file provider can be a good solution for reusing common elements from other providers (e.g. declaring allowlist middlewares, basic authentication, ...)
## Configuration Examples ## Configuration Examples

View file

@ -71,9 +71,9 @@
- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true" - "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.middleware10.headers.stspreload=true" - "traefik.http.middlewares.middleware10.headers.stspreload=true"
- "traefik.http.middlewares.middleware10.headers.stsseconds=42" - "traefik.http.middlewares.middleware10.headers.stsseconds=42"
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42" - "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar" - "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar" - "traefik.http.middlewares.middleware11.ipallowlist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware12.inflightreq.amount=42" - "traefik.http.middlewares.middleware12.inflightreq.amount=42"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42" - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar" - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
@ -121,6 +121,7 @@
- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true" - "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar" - "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar" - "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
- "traefik.http.middlewares.middleware23.grpcweb.alloworigins=foobar, foobar"
- "traefik.http.routers.router0.entrypoints=foobar, foobar" - "traefik.http.routers.router0.entrypoints=foobar, foobar"
- "traefik.http.routers.router0.middlewares=foobar, foobar" - "traefik.http.routers.router0.middlewares=foobar, foobar"
- "traefik.http.routers.router0.priority=42" - "traefik.http.routers.router0.priority=42"
@ -166,7 +167,7 @@
- "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true" - "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
- "traefik.http.services.service01.loadbalancer.server.port=foobar" - "traefik.http.services.service01.loadbalancer.server.port=foobar"
- "traefik.http.services.service01.loadbalancer.server.scheme=foobar" - "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar" - "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange=foobar, foobar"
- "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42" - "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42"
- "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar" - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar" - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"

View file

@ -203,9 +203,9 @@
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
[http.middlewares.Middleware11] [http.middlewares.Middleware11]
[http.middlewares.Middleware11.ipWhiteList] [http.middlewares.Middleware11.ipAllowList]
sourceRange = ["foobar", "foobar"] sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware11.ipWhiteList.ipStrategy] [http.middlewares.Middleware11.ipAllowList.ipStrategy]
depth = 42 depth = 42
excludedIPs = ["foobar", "foobar"] excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware12] [http.middlewares.Middleware12]
@ -285,6 +285,9 @@
[http.middlewares.Middleware22] [http.middlewares.Middleware22]
[http.middlewares.Middleware22.stripPrefixRegex] [http.middlewares.Middleware22.stripPrefixRegex]
regex = ["foobar", "foobar"] regex = ["foobar", "foobar"]
[http.middlewares.Middleware23]
[http.middlewares.Middleware23.grpcWeb]
allowOrigins = ["foobar", "foobar"]
[http.serversTransports] [http.serversTransports]
[http.serversTransports.ServersTransport0] [http.serversTransports.ServersTransport0]
serverName = "foobar" serverName = "foobar"
@ -402,7 +405,7 @@
weight = 42 weight = 42
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.TCPMiddleware00] [tcp.middlewares.TCPMiddleware00]
[tcp.middlewares.TCPMiddleware00.ipWhiteList] [tcp.middlewares.TCPMiddleware00.ipAllowList]
sourceRange = ["foobar", "foobar"] sourceRange = ["foobar", "foobar"]
[tcp.middlewares.TCPMiddleware01] [tcp.middlewares.TCPMiddleware01]
[tcp.middlewares.TCPMiddleware01.inFlightConn] [tcp.middlewares.TCPMiddleware01.inFlightConn]

View file

@ -230,7 +230,7 @@ http:
permissionsPolicy: foobar permissionsPolicy: foobar
isDevelopment: true isDevelopment: true
Middleware11: Middleware11:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- foobar - foobar
- foobar - foobar
@ -324,6 +324,11 @@ http:
regex: regex:
- foobar - foobar
- foobar - foobar
Middleware23:
grpcWeb:
allowOrigins:
- foobar
- foobar
serversTransports: serversTransports:
ServersTransport0: ServersTransport0:
serverName: foobar serverName: foobar
@ -443,7 +448,7 @@ tcp:
weight: 42 weight: 42
middlewares: middlewares:
TCPMiddleware00: TCPMiddleware00:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- foobar - foobar
- foobar - foobar

View file

@ -967,6 +967,17 @@ spec:
forward) all X-Forwarded-* headers.' forward) all X-Forwarded-* headers.'
type: boolean type: boolean
type: object type: object
grpcWeb:
description: GrpcWeb holds the gRPC web middleware configuration.
This middleware converts a gRPC web request to an HTTP/2 gRPC request.
properties:
allowOrigins:
description: AllowOrigins is a list of allowable origins. Can
also be a wildcard origin "*".
items:
type: string
type: array
type: object
headers: headers:
description: 'Headers holds the headers middleware configuration. description: 'Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. More This middleware manages the requests and responses headers. More
@ -1149,7 +1160,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1174,14 +1185,14 @@ spec:
type: boolean type: boolean
type: object type: object
type: object type: object
ipWhiteList: ipAllowList:
description: 'IPWhiteList holds the IP whitelist middleware configuration. description: 'IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1345,7 +1356,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1541,8 +1552,8 @@ spec:
format: int64 format: int64
type: integer type: integer
type: object type: object
ipWhiteList: ipAllowList:
description: IPWhiteList defines the IPWhiteList middleware configuration. description: IPAllowList defines the IPAllowList middleware configuration.
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of

View file

@ -148,7 +148,7 @@ spec:
- name: whoamitcp - name: whoamitcp
port: 8080 port: 8080
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
tls: tls:
secretName: foosecret secretName: foosecret
passthrough: false passthrough: false

View file

@ -84,11 +84,11 @@
| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` | | `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/depth` | `42` | | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/0` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/0` | `foobar` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/1` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` | | `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` |
| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` | | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` | | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
@ -140,6 +140,8 @@
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` | | `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` | | `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/1` | `foobar` | | `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/1` | `foobar` |
| `traefik/http/middlewares/Middleware23/grpcWeb/allowOrigins/0` | `foobar` |
| `traefik/http/middlewares/Middleware23/grpcWeb/allowOrigins/1` | `foobar` |
| `traefik/http/routers/Router0/entryPoints/0` | `foobar` | | `traefik/http/routers/Router0/entryPoints/0` | `foobar` |
| `traefik/http/routers/Router0/entryPoints/1` | `foobar` | | `traefik/http/routers/Router0/entryPoints/1` | `foobar` |
| `traefik/http/routers/Router0/middlewares/0` | `foobar` | | `traefik/http/routers/Router0/middlewares/0` | `foobar` |
@ -247,8 +249,8 @@
| `traefik/http/services/Service04/failover/fallback` | `foobar` | | `traefik/http/services/Service04/failover/fallback` | `foobar` |
| `traefik/http/services/Service04/failover/healthCheck` | `` | | `traefik/http/services/Service04/failover/healthCheck` | `` |
| `traefik/http/services/Service04/failover/service` | `foobar` | | `traefik/http/services/Service04/failover/service` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` | | `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/0` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` | | `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/1` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` | | `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` |
| `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` | | `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` | | `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |

View file

@ -71,9 +71,9 @@
"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true", "traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
"traefik.http.middlewares.middleware10.headers.stspreload": "true", "traefik.http.middlewares.middleware10.headers.stspreload": "true",
"traefik.http.middlewares.middleware10.headers.stsseconds": "42", "traefik.http.middlewares.middleware10.headers.stsseconds": "42",
"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth": "42", "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips": "foobar, foobar", "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.middlewares.middleware11.ipwhitelist.sourcerange": "foobar, foobar", "traefik.http.middlewares.middleware11.ipallowlist.sourcerange": "foobar, foobar",
"traefik.http.middlewares.middleware12.inflightreq.amount": "42", "traefik.http.middlewares.middleware12.inflightreq.amount": "42",
"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42", "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar", "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
@ -121,6 +121,7 @@
"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true", "traefik.http.middlewares.middleware21.stripprefix.forceslash": "true",
"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar", "traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar", "traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
"traefik.http.middlewares.middleware23.grpcweb.alloworigins": "foobar, foobar",
"traefik.http.routers.router0.entrypoints": "foobar, foobar", "traefik.http.routers.router0.entrypoints": "foobar, foobar",
"traefik.http.routers.router0.middlewares": "foobar, foobar", "traefik.http.routers.router0.middlewares": "foobar, foobar",
"traefik.http.routers.router0.priority": "42", "traefik.http.routers.router0.priority": "42",
@ -166,7 +167,7 @@
"traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true", "traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true",
"traefik.http.services.service01.loadbalancer.server.port": "foobar", "traefik.http.services.service01.loadbalancer.server.port": "foobar",
"traefik.http.services.service01.loadbalancer.server.scheme": "foobar", "traefik.http.services.service01.loadbalancer.server.scheme": "foobar",
"traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange": "foobar, foobar", "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange": "foobar, foobar",
"traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42", "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42",
"traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar", "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",
"traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar", "traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar",

View file

@ -390,6 +390,17 @@ spec:
forward) all X-Forwarded-* headers.' forward) all X-Forwarded-* headers.'
type: boolean type: boolean
type: object type: object
grpcWeb:
description: GrpcWeb holds the gRPC web middleware configuration.
This middleware converts a gRPC web request to an HTTP/2 gRPC request.
properties:
allowOrigins:
description: AllowOrigins is a list of allowable origins. Can
also be a wildcard origin "*".
items:
type: string
type: array
type: object
headers: headers:
description: 'Headers holds the headers middleware configuration. description: 'Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. More This middleware manages the requests and responses headers. More
@ -572,7 +583,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -597,14 +608,14 @@ spec:
type: boolean type: boolean
type: object type: object
type: object type: object
ipWhiteList: ipAllowList:
description: 'IPWhiteList holds the IP whitelist middleware configuration. description: 'IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -768,7 +779,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For

View file

@ -47,8 +47,8 @@ spec:
format: int64 format: int64
type: integer type: integer
type: object type: object
ipWhiteList: ipAllowList:
description: IPWhiteList defines the IPWhiteList middleware configuration. description: IPAllowList defines the IPAllowList middleware configuration.
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of

View file

@ -1287,9 +1287,9 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -1305,13 +1305,13 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
entryPoints: entryPoints:
- web - web
routes: routes:
- match: Host(`example.com`) && PathPrefix(`/whitelist`) - match: Host(`example.com`) && PathPrefix(`/allowlist`)
kind: Rule kind: Rule
services: services:
- name: whoami - name: whoami
port: 80 port: 80
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
namespace: foo namespace: foo
``` ```

View file

@ -986,7 +986,7 @@ The middlewares will take effect only if the rule matches, and before connecting
[tcp.routers.my-router] [tcp.routers.my-router]
rule = "HostSNI(`*`)" rule = "HostSNI(`*`)"
# declared elsewhere # declared elsewhere
middlewares = ["ipwhitelist"] middlewares = ["ipallowlist"]
service = "service-foo" service = "service-foo"
``` ```
@ -998,7 +998,7 @@ The middlewares will take effect only if the rule matches, and before connecting
rule: "HostSNI(`*`)" rule: "HostSNI(`*`)"
# declared elsewhere # declared elsewhere
middlewares: middlewares:
- ipwhitelist - ipallowlist
service: service-foo service: service-foo
``` ```

View file

@ -125,8 +125,9 @@ nav:
- 'DigestAuth': 'middlewares/http/digestauth.md' - 'DigestAuth': 'middlewares/http/digestauth.md'
- 'Errors': 'middlewares/http/errorpages.md' - 'Errors': 'middlewares/http/errorpages.md'
- 'ForwardAuth': 'middlewares/http/forwardauth.md' - 'ForwardAuth': 'middlewares/http/forwardauth.md'
- 'GrpcWeb': 'middlewares/http/grpcweb.md'
- 'Headers': 'middlewares/http/headers.md' - 'Headers': 'middlewares/http/headers.md'
- 'IpWhitelist': 'middlewares/http/ipwhitelist.md' - 'IpAllowList': 'middlewares/http/ipallowlist.md'
- 'InFlightReq': 'middlewares/http/inflightreq.md' - 'InFlightReq': 'middlewares/http/inflightreq.md'
- 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md' - 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md'
- 'RateLimit': 'middlewares/http/ratelimit.md' - 'RateLimit': 'middlewares/http/ratelimit.md'
@ -140,7 +141,7 @@ nav:
- 'TCP': - 'TCP':
- 'Overview': 'middlewares/tcp/overview.md' - 'Overview': 'middlewares/tcp/overview.md'
- 'InFlightConn': 'middlewares/tcp/inflightconn.md' - 'InFlightConn': 'middlewares/tcp/inflightconn.md'
- 'IpWhitelist': 'middlewares/tcp/ipwhitelist.md' - 'IpAllowList': 'middlewares/tcp/ipallowlist.md'
- 'Traefik Hub': 'traefik-hub/index.md' - 'Traefik Hub': 'traefik-hub/index.md'
- 'Plugins & Plugin Catalog': 'plugins/index.md' - 'Plugins & Plugin Catalog': 'plugins/index.md'
- 'Operations': - 'Operations':
@ -177,6 +178,7 @@ nav:
- 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md' - 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md'
- 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md' - 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md'
- 'Migration': - 'Migration':
- 'Traefik v2 to v3': 'migration/v2-to-v3.md'
- 'Traefik v2 minor migrations': 'migration/v2.md' - 'Traefik v2 minor migrations': 'migration/v2.md'
- 'Traefik v1 to v2': 'migration/v1-to-v2.md' - 'Traefik v1 to v2': 'migration/v1-to-v2.md'
- 'Contributing': - 'Contributing':

13
go.mod
View file

@ -3,7 +3,7 @@ module github.com/traefik/traefik/v2
go 1.19 go 1.19
require ( require (
github.com/BurntSushi/toml v1.2.0 github.com/BurntSushi/toml v1.2.1
github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61 github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61
github.com/Masterminds/sprig/v3 v3.2.2 github.com/Masterminds/sprig/v3 v3.2.2
github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000 github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000
@ -32,6 +32,7 @@ require (
github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-multierror v1.1.1
github.com/hashicorp/go-version v1.6.0 github.com/hashicorp/go-version v1.6.0
github.com/hashicorp/nomad/api v0.0.0-20220506174431-b5665129cd1f github.com/hashicorp/nomad/api v0.0.0-20220506174431-b5665129cd1f
github.com/improbable-eng/grpc-web v0.15.0
github.com/influxdata/influxdb-client-go/v2 v2.7.0 github.com/influxdata/influxdb-client-go/v2 v2.7.0
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
github.com/instana/go-sensor v1.38.3 github.com/instana/go-sensor v1.38.3
@ -62,7 +63,7 @@ require (
github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2
github.com/traefik/paerser v0.1.9 github.com/traefik/paerser v0.1.9
github.com/traefik/yaegi v0.14.2 github.com/traefik/yaegi v0.14.3
github.com/uber/jaeger-client-go v2.30.0+incompatible github.com/uber/jaeger-client-go v2.30.0+incompatible
github.com/uber/jaeger-lib v2.2.0+incompatible github.com/uber/jaeger-lib v2.2.0+incompatible
github.com/unrolled/render v1.0.2 github.com/unrolled/render v1.0.2
@ -143,6 +144,7 @@ require (
github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect
github.com/cpu/goacmedns v0.1.1 // indirect github.com/cpu/goacmedns v0.1.1 // indirect
github.com/deepmap/oapi-codegen v1.9.1 // indirect github.com/deepmap/oapi-codegen v1.9.1 // indirect
github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect
github.com/dgraph-io/ristretto v0.1.0 // indirect github.com/dgraph-io/ristretto v0.1.0 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect
@ -190,7 +192,7 @@ require (
github.com/gophercloud/gophercloud v1.0.0 // indirect github.com/gophercloud/gophercloud v1.0.0 // indirect
github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae // indirect github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae // indirect
github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf // indirect github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.2.0 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 // indirect
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
github.com/hashicorp/consul/sdk v0.10.0 // indirect github.com/hashicorp/consul/sdk v0.10.0 // indirect
github.com/hashicorp/cronexpr v1.1.1 // indirect github.com/hashicorp/cronexpr v1.1.1 // indirect
@ -281,6 +283,7 @@ require (
github.com/pquerna/otp v1.3.0 // indirect github.com/pquerna/otp v1.3.0 // indirect
github.com/prometheus/common v0.35.0 // indirect github.com/prometheus/common v0.35.0 // indirect
github.com/prometheus/procfs v0.7.3 // indirect github.com/prometheus/procfs v0.7.3 // indirect
github.com/rs/cors v1.7.0 // indirect
github.com/sacloud/api-client-go v0.2.1 // indirect github.com/sacloud/api-client-go v0.2.1 // indirect
github.com/sacloud/go-http v0.1.2 // indirect github.com/sacloud/go-http v0.1.2 // indirect
github.com/sacloud/iaas-api-go v1.3.2 // indirect github.com/sacloud/iaas-api-go v1.3.2 // indirect
@ -343,6 +346,7 @@ require (
howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect
k8s.io/klog/v2 v2.10.0 // indirect k8s.io/klog/v2 v2.10.0 // indirect
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect
nhooyr.io/websocket v1.8.7 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
sigs.k8s.io/yaml v1.2.0 // indirect sigs.k8s.io/yaml v1.2.0 // indirect
) )
@ -358,9 +362,6 @@ replace (
// https://github.com/docker/compose/blob/e44222664abd07ce1d1fe6796d84d93cbc7468c3/go.mod#L131 // https://github.com/docker/compose/blob/e44222664abd07ce1d1fe6796d84d93cbc7468c3/go.mod#L131
replace github.com/jaguilar/vt100 => github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 replace github.com/jaguilar/vt100 => github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305
// https://github.com/BurntSushi/toml/issues/360
replace github.com/BurntSushi/toml v1.2.0 => github.com/BurntSushi/toml v1.1.0
// ambiguous import: found package github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http in multiple modules // ambiguous import: found package github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http in multiple modules
// tencentcloud uses monorepo with multimodule but the go.mod files are incomplete. // tencentcloud uses monorepo with multimodule but the go.mod files are incomplete.
exclude github.com/tencentcloud/tencentcloud-sdk-go v3.0.83+incompatible exclude github.com/tencentcloud/tencentcloud-sdk-go v3.0.83+incompatible

51
go.sum
View file

@ -112,8 +112,8 @@ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbt
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I= github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 h1:3nVO1nQyh64IUY6BPZUpMYMZ738Pu+LsMt3E0eqqIYw= github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 h1:3nVO1nQyh64IUY6BPZUpMYMZ738Pu+LsMt3E0eqqIYw=
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583/go.mod h1:EP9f4GqaDJyP1F5jTNMtzdIpw3JpNs3rMSJOnYywCiw= github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583/go.mod h1:EP9f4GqaDJyP1F5jTNMtzdIpw3JpNs3rMSJOnYywCiw=
@ -522,6 +522,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xb
github.com/denisenkom/go-mssqldb v0.11.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/denisenkom/go-mssqldb v0.11.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I=
github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE=
github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI= github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI=
github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug= github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug=
github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
@ -681,8 +683,11 @@ github.com/getsentry/raven-go v0.0.0-20180121060056-563b81fc02b7/go.mod h1:KungG
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
github.com/gin-gonic/gin v1.7.0/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= github.com/gin-gonic/gin v1.7.0/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
github.com/gin-gonic/gin v1.7.4 h1:QmUZXrvJ9qZ3GfWvQ+2wnW/1ePrTEJqPKMYEU3lD/DM=
github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
@ -700,6 +705,7 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2
github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea h1:CnEQOUv4ilElSwFB9g/lVmz206oLE4aNZDYngIY1Gvg= github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea h1:CnEQOUv4ilElSwFB9g/lVmz206oLE4aNZDYngIY1Gvg=
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
@ -735,11 +741,15 @@ github.com/go-pg/pg/v10 v10.0.0/go.mod h1:XHU1AkQW534GFuUdSiQ46+Xw6Ah+9+b8DlT4Yw
github.com/go-pg/zerochecker v0.2.0/go.mod h1:NJZ4wKL0NmTtz0GKCoJ8kym6Xn/EQzXRl2OnAe7MmDo= github.com/go-pg/zerochecker v0.2.0/go.mod h1:NJZ4wKL0NmTtz0GKCoJ8kym6Xn/EQzXRl2OnAe7MmDo=
github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
github.com/go-playground/validator/v10 v10.11.0 h1:0W+xRM511GY47Yy3bZUbJVitCNg2BOGlCyvTqsp/xIw=
github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
github.com/go-redis/redis/v7 v7.1.0/go.mod h1:JDNMw23GTyLNC4GZu9njt15ctBQVn7xjRfnwdHj/Dcg= github.com/go-redis/redis/v7 v7.1.0/go.mod h1:JDNMw23GTyLNC4GZu9njt15ctBQVn7xjRfnwdHj/Dcg=
github.com/go-redis/redis/v8 v8.0.0/go.mod h1:isLoQT/NFSP7V67lyvM9GmdvLdyZ7pEhsXvvyQtnQTo= github.com/go-redis/redis/v8 v8.0.0/go.mod h1:isLoQT/NFSP7V67lyvM9GmdvLdyZ7pEhsXvvyQtnQTo=
@ -788,6 +798,12 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe
github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
github.com/goccy/go-json v0.7.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/goccy/go-json v0.7.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/gocql/gocql v0.0.0-20220224095938-0eacd3183625/go.mod h1:3gM2c4D3AnkISwBxGnMMsS8Oy4y2lhbPRsH4xnJrHG8= github.com/gocql/gocql v0.0.0-20220224095938-0eacd3183625/go.mod h1:3gM2c4D3AnkISwBxGnMMsS8Oy4y2lhbPRsH4xnJrHG8=
github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
@ -962,6 +978,7 @@ github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu
github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
@ -973,8 +990,9 @@ github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:Fecb
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
github.com/grpc-ecosystem/go-grpc-middleware v1.2.0 h1:0IKlLyQ3Hs9nDaiK5cSHAGmcQEIC8l2Ts1u6x5Dfrqg=
github.com/grpc-ecosystem/go-grpc-middleware v1.2.0/go.mod h1:mJzapYve32yjrKlk9GbyCZHuPgZsrbyIbyKhSzOpg6s= github.com/grpc-ecosystem/go-grpc-middleware v1.2.0/go.mod h1:mJzapYve32yjrKlk9GbyCZHuPgZsrbyIbyKhSzOpg6s=
github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 h1:FlFbCRLd5Jr4iYXZufAvgWN6Ao0JrI5chLINnUXDDr0=
github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
@ -1128,6 +1146,8 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/improbable-eng/grpc-web v0.15.0 h1:BN+7z6uNXZ1tQGcNAuaU1YjsLTApzkjt2tzCixLaUPQ=
github.com/improbable-eng/grpc-web v0.15.0/go.mod h1:1sy9HKV4Jt9aEs9JSnkWlRJPuPtwNr0l57L4f878wP8=
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/influxdata/influxdb-client-go/v2 v2.7.0 h1:QgP5mlBE9sGnzplpnf96pr+p7uqlIlL4W2GAP3n+XZg= github.com/influxdata/influxdb-client-go/v2 v2.7.0 h1:QgP5mlBE9sGnzplpnf96pr+p7uqlIlL4W2GAP3n+XZg=
@ -1278,7 +1298,9 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE= github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
github.com/kisom/goutils v1.1.0/go.mod h1:+UBTfd78habUYWFbNWTJNG+jNG/i/lGURakr4A/yNRw= github.com/kisom/goutils v1.1.0/go.mod h1:+UBTfd78habUYWFbNWTJNG+jNG/i/lGURakr4A/yNRw=
github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
@ -1328,6 +1350,7 @@ github.com/labstack/echo/v4 v4.6.3/go.mod h1:Hk5OiHj0kDqmFq7aHe7eDqI7CUhuCrfpupQ
github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k= github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM= github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM=
github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y= github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ= github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ=
@ -1522,7 +1545,9 @@ github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mwitkow/grpc-proxy v0.0.0-20181017164139-0f1106ef9c76/go.mod h1:x5OoJHDHqxHS801UIuhqGl6QdSAEJvtausosHSdazIo=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAAxrQxRHEu7FkapwTuI2WmL1rw4g= github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAAxrQxRHEu7FkapwTuI2WmL1rw4g=
github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8= github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
@ -1730,6 +1755,7 @@ github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+
github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
github.com/prometheus/common v0.35.0 h1:Eyr+Pw2VymWejHqCugNaQXkAi6KayVNxaHeu6khmFBE= github.com/prometheus/common v0.35.0 h1:Eyr+Pw2VymWejHqCugNaQXkAi6KayVNxaHeu6khmFBE=
@ -1748,6 +1774,7 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
github.com/prometheus/procfs v0.3.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
@ -1769,6 +1796,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
@ -1968,8 +1997,8 @@ github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 h1:y/1cL5AL2oRcfz
github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305/go.mod h1:gXOLibKqQTRAVuVZ9gX7G9Ykky8ll8yb4slxsEMoY0c= github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305/go.mod h1:gXOLibKqQTRAVuVZ9gX7G9Ykky8ll8yb4slxsEMoY0c=
github.com/traefik/paerser v0.1.9 h1:x5hZafOt/yogLvr6upoSOYIAn2nh2GsnLb236MOzd4I= github.com/traefik/paerser v0.1.9 h1:x5hZafOt/yogLvr6upoSOYIAn2nh2GsnLb236MOzd4I=
github.com/traefik/paerser v0.1.9/go.mod h1:Dk3Bfz6Zyj13/S8pJyRdx/FNvXlsVRVbtp0UK4ZSiA0= github.com/traefik/paerser v0.1.9/go.mod h1:Dk3Bfz6Zyj13/S8pJyRdx/FNvXlsVRVbtp0UK4ZSiA0=
github.com/traefik/yaegi v0.14.2 h1:9t9xepIfar6BrYdwJHGc+XRKo6qFoJCl6Z46N3hUtUw= github.com/traefik/yaegi v0.14.3 h1:LqA0k8DKwvRMc+msfQjNusphHJc+r6WC5tZU5TmUFOM=
github.com/traefik/yaegi v0.14.2/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0= github.com/traefik/yaegi v0.14.3/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0=
github.com/transip/gotransip/v6 v6.17.0 h1:2RCyqYqz5+Ej8z96EyE4sf6tQrrfEBaFDO0LliSl6+8= github.com/transip/gotransip/v6 v6.17.0 h1:2RCyqYqz5+Ej8z96EyE4sf6tQrrfEBaFDO0LliSl6+8=
github.com/transip/gotransip/v6 v6.17.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= github.com/transip/gotransip/v6 v6.17.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g=
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
@ -1982,9 +2011,11 @@ github.com/uber/jaeger-lib v2.2.0+incompatible h1:MxZXOiR2JuoANZ3J6DE/U0kSFv/eJ/
github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
github.com/ugorji/go v1.2.6 h1:tGiWC9HENWE2tqYycIqFTNorMmFRVhNwCpDOpWqnk8E=
github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0= github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
github.com/ugorji/go/codec v1.2.6 h1:7kbGefxLoDBuYXOms4yD7223OpNMMPNPZxXk5TvFcyQ=
github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw= github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
github.com/unrolled/render v1.0.2 h1:dGS3EmChQP3yOi1YeFNO/Dx+MbWZhdvhQJTXochM5bs= github.com/unrolled/render v1.0.2 h1:dGS3EmChQP3yOi1YeFNO/Dx+MbWZhdvhQJTXochM5bs=
github.com/unrolled/render v1.0.2/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM= github.com/unrolled/render v1.0.2/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
@ -2208,6 +2239,7 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
golang.org/x/exp v0.0.0-20200901203048-c4f52b2c50aa/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200901203048-c4f52b2c50aa/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925 h1:5XVKs2rlCg8EFyRcvO8/XFwYxh1oKJO1Q3X5vttIf9c= golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925 h1:5XVKs2rlCg8EFyRcvO8/XFwYxh1oKJO1Q3X5vttIf9c=
golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925/go.mod h1:1phAWC201xIgDyaFpmDeZkgf70Q4Pd/CNqfRtVPtxNw= golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925/go.mod h1:1phAWC201xIgDyaFpmDeZkgf70Q4Pd/CNqfRtVPtxNw=
@ -2280,6 +2312,7 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@ -2307,6 +2340,7 @@ golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qx
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@ -2420,6 +2454,7 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -2470,6 +2505,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@ -2676,6 +2712,7 @@ google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfG
google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
@ -2695,6 +2732,7 @@ google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6D
google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@ -2939,6 +2977,9 @@ launchpad.net/gocheck v0.0.0-20140225173054-000000000087/go.mod h1:hj7XX3B/0A+80
mellium.im/sasl v0.2.1/go.mod h1:ROaEDLQNuf9vjKqE1SrAfnsobm2YKXT1gnN1uDp1PjQ= mellium.im/sasl v0.2.1/go.mod h1:ROaEDLQNuf9vjKqE1SrAfnsobm2YKXT1gnN1uDp1PjQ=
mvdan.cc/xurls/v2 v2.1.0 h1:KaMb5GLhlcSX+e+qhbRJODnUUBvlw01jt4yrjFIHAuA= mvdan.cc/xurls/v2 v2.1.0 h1:KaMb5GLhlcSX+e+qhbRJODnUUBvlw01jt4yrjFIHAuA=
mvdan.cc/xurls/v2 v2.1.0/go.mod h1:5GrSd9rOnKOpZaji1OZLYL/yeAAtGDlo/cFe+8K5n8E= mvdan.cc/xurls/v2 v2.1.0/go.mod h1:5GrSd9rOnKOpZaji1OZLYL/yeAAtGDlo/cFe+8K5n8E=
nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=

View file

@ -435,7 +435,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound(c *check.C) {
checkNoOtherTraefikProblems(c) checkNoOtherTraefikProblems(c)
} }
func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) { func (s *AccessLogSuite) TestAccessLogFrontendAllowlist(c *check.C) {
ensureWorkingDirectoryIsClean() ensureWorkingDirectoryIsClean()
expected := []accessLogValue{ expected := []accessLogValue{
@ -443,7 +443,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
formatOnly: false, formatOnly: false,
code: "403", code: "403",
user: "-", user: "-",
routerName: "rt-frontendWhitelist", routerName: "rt-frontendAllowlist",
serviceURL: "-", serviceURL: "-",
}, },
} }
@ -458,7 +458,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
checkStatsForLogFile(c) checkStatsForLogFile(c)
waitForTraefik(c, "frontendWhitelist") waitForTraefik(c, "frontendAllowlist")
// Verify Traefik started OK // Verify Traefik started OK
checkTraefikStarted(c) checkTraefikStarted(c)
@ -466,7 +466,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
// Test rate limit // Test rate limit
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil) req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
req.Host = "frontend.whitelist.docker.local" req.Host = "frontend.allowlist.docker.local"
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusForbidden), try.HasBody()) err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusForbidden), try.HasBody())
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)

View file

@ -967,6 +967,17 @@ spec:
forward) all X-Forwarded-* headers.' forward) all X-Forwarded-* headers.'
type: boolean type: boolean
type: object type: object
grpcWeb:
description: GrpcWeb holds the gRPC web middleware configuration.
This middleware converts a gRPC web request to an HTTP/2 gRPC request.
properties:
allowOrigins:
description: AllowOrigins is a list of allowable origins. Can
also be a wildcard origin "*".
items:
type: string
type: array
type: object
headers: headers:
description: 'Headers holds the headers middleware configuration. description: 'Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. More This middleware manages the requests and responses headers. More
@ -1149,7 +1160,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1174,14 +1185,14 @@ spec:
type: boolean type: boolean
type: object type: object
type: object type: object
ipWhiteList: ipAllowList:
description: 'IPWhiteList holds the IP whitelist middleware configuration. description: 'IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1345,7 +1356,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1541,8 +1552,8 @@ spec:
format: int64 format: int64
type: integer type: integer
type: object type: object
ipWhiteList: ipAllowList:
description: IPWhiteList defines the IPWhiteList middleware configuration. description: IPAllowList defines the IPAllowList middleware configuration.
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of

View file

@ -0,0 +1,66 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
[entryPoints]
[entryPoints.webA]
address = ":8001"
[entryPoints.webB]
address = ":8002"
[entryPoints.webC]
address = ":8003"
[api]
insecure = true
[metrics]
[metrics.prometheus]
buckets = "0.1,0.3,1.2,5.0"
[providers]
[providers.file]
filename = "{{ .SelfFilename }}"
## dynamic configuration ##
[http.routers]
[http.routers.router-without]
entrypoints = ["webA"]
service = "service-without"
rule = "PathPrefix(`/without`)"
[http.routers.router-req]
entrypoints = ["webB"]
service = "service-req"
rule = "PathPrefix(`/with-req`)"
middlewares = ["buffer-req"]
[http.routers.router-resp]
entrypoints = ["webC"]
service = "service-resp"
rule = "PathPrefix(`/with-resp`)"
middlewares = ["buffer-resp"]
[http.middlewares]
[http.middlewares.buffer-req.buffering]
maxRequestBodyBytes = 10
[http.middlewares.buffer-resp.buffering]
maxResponseBodyBytes = 10
[http.services]
[http.services.service-without.loadBalancer]
[[http.services.service-without.loadBalancer.servers]]
url = "http://{{ .IP }}"
[http.services.service-req.loadBalancer]
[[http.services.service-req.loadBalancer.servers]]
url = "http://{{ .IP }}"
[http.services.service-resp.loadBalancer]
[[http.services.service-resp.loadBalancer.servers]]
url = "http://{{ .IP }}"

View file

@ -23,7 +23,7 @@
entryPoints = ["tcp"] entryPoints = ["tcp"]
rule = "HostSNI(`whoami-a.test`)" rule = "HostSNI(`whoami-a.test`)"
service = "whoami-a" service = "whoami-a"
middlewares = ["blocking-ipwhitelist"] middlewares = ["blocking-ipallowlist"]
[tcp.routers.to-whoami-a.tls] [tcp.routers.to-whoami-a.tls]
passthrough = true passthrough = true
@ -31,7 +31,7 @@
entryPoints = ["tcp"] entryPoints = ["tcp"]
rule = "HostSNI(`whoami-b.test`)" rule = "HostSNI(`whoami-b.test`)"
service = "whoami-b" service = "whoami-b"
middlewares = ["allowing-ipwhitelist"] middlewares = ["allowing-ipallowlist"]
[tcp.routers.to-whoami-b.tls] [tcp.routers.to-whoami-b.tls]
passthrough = true passthrough = true
@ -45,7 +45,7 @@
address = "{{ .WhoamiB }}" address = "{{ .WhoamiB }}"
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.allowing-ipwhitelist.ipWhiteList] [tcp.middlewares.allowing-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32"] sourceRange = ["127.0.0.1/32"]
[tcp.middlewares.blocking-ipwhitelist.ipWhiteList] [tcp.middlewares.blocking-ipallowlist.ipAllowList]
sourceRange = ["127.127.127.127/32"] sourceRange = ["127.127.127.127/32"]

View file

@ -75,14 +75,14 @@ services:
traefik.http.middlewares.rate.ratelimit.burst: 2 traefik.http.middlewares.rate.ratelimit.burst: 2
traefik.http.services.service3.loadbalancer.server.port: 80 traefik.http.services.service3.loadbalancer.server.port: 80
frontendWhitelist: frontendAllowlist:
image: traefik/whoami image: traefik/whoami
labels: labels:
traefik.enable: true traefik.enable: true
traefik.http.routers.rt-frontendWhitelist.entryPoints: web traefik.http.routers.rt-frontendAllowlist.entryPoints: web
traefik.http.routers.rt-frontendWhitelist.rule: Host(`frontend.whitelist.docker.local`) traefik.http.routers.rt-frontendAllowlist.rule: Host(`frontend.allowlist.docker.local`)
traefik.http.routers.rt-frontendWhitelist.middlewares: wl traefik.http.routers.rt-frontendAllowlist.middlewares: wl
traefik.http.middlewares.wl.ipwhitelist.sourcerange: 8.8.8.8/32 traefik.http.middlewares.wl.ipallowlist.sourcerange: 8.8.8.8/32
traefik.http.services.service3.loadbalancer.server.port: 80 traefik.http.services.service3.loadbalancer.server.port: 80
networks: networks:

View file

@ -0,0 +1,41 @@
version: "3.8"
services:
noOverrideAllowlist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt1.rule: Host(`no.override.allowlist.docker.local`)
traefik.http.routers.rt1.middlewares: wl1
traefik.http.middlewares.wl1.ipallowList.sourceRange: 8.8.8.8
overrideIPStrategyRemoteAddrAllowlist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt2.rule: Host(`override.remoteaddr.allowlist.docker.local`)
traefik.http.routers.rt2.middlewares: wl2
traefik.http.middlewares.wl2.ipallowlist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl2.ipallowlist.ipStrategy: true
overrideIPStrategyDepthAllowlist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt3.rule: Host(`override.depth.allowlist.docker.local`)
traefik.http.routers.rt3.middlewares: wl3
traefik.http.middlewares.wl3.ipallowlist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl3.ipallowlist.ipStrategy.depth: 3
overrideIPStrategyExcludedIPsAllowlist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt4.rule: Host(`override.excludedips.allowlist.docker.local`)
traefik.http.routers.rt4.middlewares: wl4
traefik.http.middlewares.wl4.ipallowlist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl4.ipallowlist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
networks:
default:
name: traefik-test-network
external: true

View file

@ -1,41 +0,0 @@
version: "3.8"
services:
noOverrideWhitelist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt1.rule: Host(`no.override.whitelist.docker.local`)
traefik.http.routers.rt1.middlewares: wl1
traefik.http.middlewares.wl1.ipwhiteList.sourceRange: 8.8.8.8
overrideIPStrategyRemoteAddrWhitelist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt2.rule: Host(`override.remoteaddr.whitelist.docker.local`)
traefik.http.routers.rt2.middlewares: wl2
traefik.http.middlewares.wl2.ipwhitelist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl2.ipwhitelist.ipStrategy: true
overrideIPStrategyDepthWhitelist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt3.rule: Host(`override.depth.whitelist.docker.local`)
traefik.http.routers.rt3.middlewares: wl3
traefik.http.middlewares.wl3.ipwhitelist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl3.ipwhitelist.ipStrategy.depth: 3
overrideIPStrategyExcludedIPsWhitelist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt4.rule: Host(`override.excludedips.whitelist.docker.local`)
traefik.http.routers.rt4.middlewares: wl4
traefik.http.middlewares.wl4.ipwhitelist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl4.ipwhitelist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
networks:
default:
name: traefik-test-network
external: true

View file

@ -308,7 +308,7 @@ func (s *SimpleSuite) TestMetricsPrometheusDefaultEntryPoint(c *check.C) {
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
defer s.killCmd(cmd) defer s.killCmd(cmd)
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix")) err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix(`/whoami`)"))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
err = try.GetRequest("http://127.0.0.1:8000/whoami", 1*time.Second, try.StatusCodeIs(http.StatusOK)) err = try.GetRequest("http://127.0.0.1:8000/whoami", 1*time.Second, try.StatusCodeIs(http.StatusOK))
@ -369,6 +369,84 @@ func (s *SimpleSuite) TestMetricsPrometheusTwoRoutersOneService(c *check.C) {
} }
} }
// TestMetricsWithBufferingMiddleware checks that the buffering middleware
// (which introduces its own response writer in the chain), does not interfere with
// the capture middleware on which the metrics mechanism relies.
func (s *SimpleSuite) TestMetricsWithBufferingMiddleware(c *check.C) {
s.createComposeProject(c, "base")
s.composeUp(c)
defer s.composeDown(c)
server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
_, _ = w.Write([]byte("MORE THAN TEN BYTES IN RESPONSE"))
}))
server.Start()
defer server.Close()
file := s.adaptFile(c, "fixtures/simple_metrics_with_buffer_middleware.toml", struct{ IP string }{IP: strings.TrimPrefix(server.URL, "http://")})
defer os.Remove(file)
cmd, output := s.traefikCmd(withConfigFile(file))
defer output(c)
err := cmd.Start()
c.Assert(err, checker.IsNil)
defer s.killCmd(cmd)
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix(`/without`)"))
c.Assert(err, checker.IsNil)
err = try.GetRequest("http://127.0.0.1:8001/without", 1*time.Second, try.StatusCodeIs(http.StatusOK))
c.Assert(err, checker.IsNil)
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8002/with-req", strings.NewReader("MORE THAN TEN BYTES IN REQUEST"))
c.Assert(err, checker.IsNil)
// The request should fail because the body is too large.
err = try.Request(req, 1*time.Second, try.StatusCodeIs(http.StatusRequestEntityTooLarge))
c.Assert(err, checker.IsNil)
// The request should fail because the response exceeds the configured limit.
err = try.GetRequest("http://127.0.0.1:8003/with-resp", 1*time.Second, try.StatusCodeIs(http.StatusInternalServerError))
c.Assert(err, checker.IsNil)
request, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/metrics", nil)
c.Assert(err, checker.IsNil)
response, err := http.DefaultClient.Do(request)
c.Assert(err, checker.IsNil)
c.Assert(response.StatusCode, checker.Equals, http.StatusOK)
body, err := io.ReadAll(response.Body)
c.Assert(err, checker.IsNil)
// For allowed requests and responses, the entrypoint and service metrics have the same status code.
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_total{code=\"200\",entrypoint=\"webA\",method=\"GET\",protocol=\"http\"} 1")
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_bytes_total{code=\"200\",entrypoint=\"webA\",method=\"GET\",protocol=\"http\"} 0")
c.Assert(string(body), checker.Contains, "traefik_entrypoint_responses_bytes_total{code=\"200\",entrypoint=\"webA\",method=\"GET\",protocol=\"http\"} 31")
c.Assert(string(body), checker.Contains, "traefik_service_requests_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-without@file\"} 1")
c.Assert(string(body), checker.Contains, "traefik_service_requests_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-without@file\"} 0")
c.Assert(string(body), checker.Contains, "traefik_service_responses_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-without@file\"} 31")
// For forbidden requests, the entrypoints have metrics, the services don't.
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_total{code=\"413\",entrypoint=\"webB\",method=\"GET\",protocol=\"http\"} 1")
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_bytes_total{code=\"413\",entrypoint=\"webB\",method=\"GET\",protocol=\"http\"} 0")
c.Assert(string(body), checker.Contains, "traefik_entrypoint_responses_bytes_total{code=\"413\",entrypoint=\"webB\",method=\"GET\",protocol=\"http\"} 24")
// For disallowed responses, the entrypoint and service metrics don't have the same status code.
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_bytes_total{code=\"500\",entrypoint=\"webC\",method=\"GET\",protocol=\"http\"} 0")
c.Assert(string(body), checker.Contains, "traefik_entrypoint_requests_total{code=\"500\",entrypoint=\"webC\",method=\"GET\",protocol=\"http\"} 1")
c.Assert(string(body), checker.Contains, "traefik_entrypoint_responses_bytes_total{code=\"500\",entrypoint=\"webC\",method=\"GET\",protocol=\"http\"} 21")
c.Assert(string(body), checker.Contains, "traefik_service_requests_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-resp@file\"} 0")
c.Assert(string(body), checker.Contains, "traefik_service_requests_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-resp@file\"} 1")
c.Assert(string(body), checker.Contains, "traefik_service_responses_bytes_total{code=\"200\",method=\"GET\",protocol=\"http\",service=\"service-resp@file\"} 31")
}
func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) { func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) {
s.createComposeProject(c, "base") s.createComposeProject(c, "base")
@ -397,13 +475,13 @@ func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) {
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
} }
func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) { func (s *SimpleSuite) TestIPStrategyAllowlist(c *check.C) {
s.createComposeProject(c, "whitelist") s.createComposeProject(c, "allowlist")
s.composeUp(c) s.composeUp(c)
defer s.composeDown(c) defer s.composeDown(c)
cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml")) cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml"))
defer output(c) defer output(c)
err := cmd.Start() err := cmd.Start()
@ -413,7 +491,7 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override")) err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override"))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.whitelist.docker.local")) err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.allowlist.docker.local"))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
testCases := []struct { testCases := []struct {
@ -425,31 +503,31 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
{ {
desc: "override remote addr reject", desc: "override remote addr reject",
xForwardedFor: "8.8.8.8,8.8.8.8", xForwardedFor: "8.8.8.8,8.8.8.8",
host: "override.remoteaddr.whitelist.docker.local", host: "override.remoteaddr.allowlist.docker.local",
expectedStatusCode: 403, expectedStatusCode: 403,
}, },
{ {
desc: "override depth accept", desc: "override depth accept",
xForwardedFor: "8.8.8.8,10.0.0.1,127.0.0.1", xForwardedFor: "8.8.8.8,10.0.0.1,127.0.0.1",
host: "override.depth.whitelist.docker.local", host: "override.depth.allowlist.docker.local",
expectedStatusCode: 200, expectedStatusCode: 200,
}, },
{ {
desc: "override depth reject", desc: "override depth reject",
xForwardedFor: "10.0.0.1,8.8.8.8,127.0.0.1", xForwardedFor: "10.0.0.1,8.8.8.8,127.0.0.1",
host: "override.depth.whitelist.docker.local", host: "override.depth.allowlist.docker.local",
expectedStatusCode: 403, expectedStatusCode: 403,
}, },
{ {
desc: "override excludedIPs reject", desc: "override excludedIPs reject",
xForwardedFor: "10.0.0.3,10.0.0.1,10.0.0.2", xForwardedFor: "10.0.0.3,10.0.0.1,10.0.0.2",
host: "override.excludedips.whitelist.docker.local", host: "override.excludedips.allowlist.docker.local",
expectedStatusCode: 403, expectedStatusCode: 403,
}, },
{ {
desc: "override excludedIPs accept", desc: "override excludedIPs accept",
xForwardedFor: "8.8.8.8,10.0.0.1,10.0.0.2", xForwardedFor: "8.8.8.8,10.0.0.1,10.0.0.2",
host: "override.excludedips.whitelist.docker.local", host: "override.excludedips.allowlist.docker.local",
expectedStatusCode: 200, expectedStatusCode: 200,
}, },
} }
@ -468,12 +546,12 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
} }
func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) { func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) {
s.createComposeProject(c, "whitelist") s.createComposeProject(c, "allowlist")
s.composeUp(c) s.composeUp(c)
defer s.composeDown(c) defer s.composeDown(c)
cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml")) cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml"))
defer output(c) defer output(c)
err := cmd.Start() err := cmd.Start()
@ -481,13 +559,13 @@ func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) {
defer s.killCmd(cmd) defer s.killCmd(cmd)
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second,
try.BodyContains("override.remoteaddr.whitelist.docker.local")) try.BodyContains("override.remoteaddr.allowlist.docker.local"))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil) req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
req.Host = "override.depth.whitelist.docker.local" req.Host = "override.depth.allowlist.docker.local"
req.Header.Set("X-Forwarded-For", "8.8.8.8,10.0.0.1,127.0.0.1") req.Header.Set("X-Forwarded-For", "8.8.8.8,10.0.0.1,127.0.0.1")
err = try.Request(req, 1*time.Second, err = try.Request(req, 1*time.Second,

View file

@ -241,8 +241,8 @@ func (s *TCPSuite) TestCatchAllNoTLSWithHTTPS(c *check.C) {
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
} }
func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) { func (s *TCPSuite) TestMiddlewareAllowList(c *check.C) {
file := s.adaptFile(c, "fixtures/tcp/ip-whitelist.toml", struct { file := s.adaptFile(c, "fixtures/tcp/ipallowlist.toml", struct {
WhoamiA string WhoamiA string
WhoamiB string WhoamiB string
}{ }{
@ -261,7 +261,7 @@ func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) {
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains("HostSNI(`whoami-a.test`)")) err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains("HostSNI(`whoami-a.test`)"))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
// Traefik not passes through, ipWhitelist closes connection // Traefik not passes through, ipAllowList closes connection
_, err = guessWhoTLSPassthrough("127.0.0.1:8093", "whoami-a.test") _, err = guessWhoTLSPassthrough("127.0.0.1:8093", "whoami-a.test")
c.Assert(err, checker.ErrorMatches, "EOF") c.Assert(err, checker.ErrorMatches, "EOF")

View file

@ -173,24 +173,24 @@ func TestHandler_Overview(t *testing.T) {
}, },
}, },
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist1@myprovider": { "ipallowlist1@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
Status: runtime.StatusEnabled, Status: runtime.StatusEnabled,
}, },
"ipwhitelist2@myprovider": { "ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
}, },
"ipwhitelist3@myprovider": { "ipallowlist3@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },

View file

@ -512,25 +512,25 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares", path: "/api/tcp/middlewares",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist1@myprovider": { "ipallowlist1@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"bar@myprovider", "test@myprovider"}, UsedBy: []string{"bar@myprovider", "test@myprovider"},
}, },
"ipwhitelist2@myprovider": { "ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"}, SourceRange: []string{"127.0.0.2/32"},
}, },
}, },
UsedBy: []string{"test@myprovider"}, UsedBy: []string{"test@myprovider"},
}, },
"ipwhitelist1@anotherprovider": { "ipallowlist1@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -549,27 +549,27 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares?status=enabled", path: "/api/tcp/middlewares?status=enabled",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": { "ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"bar@myprovider", "test@myprovider"}, UsedBy: []string{"bar@myprovider", "test@myprovider"},
Status: runtime.StatusEnabled, Status: runtime.StatusEnabled,
}, },
"ipwhitelist2@myprovider": { "ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"}, SourceRange: []string{"127.0.0.2/32"},
}, },
}, },
UsedBy: []string{"test@myprovider"}, UsedBy: []string{"test@myprovider"},
Status: runtime.StatusDisabled, Status: runtime.StatusDisabled,
}, },
"ipwhitelist@anotherprovider": { "ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -586,30 +586,30 @@ func TestHandler_TCP(t *testing.T) {
}, },
{ {
desc: "middlewares filtered by search", desc: "middlewares filtered by search",
path: "/api/tcp/middlewares?search=ipwhitelist", path: "/api/tcp/middlewares?search=ipallowlist",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"bad@myprovider": { "bad@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"bar@myprovider", "test@myprovider"}, UsedBy: []string{"bar@myprovider", "test@myprovider"},
Status: runtime.StatusEnabled, Status: runtime.StatusEnabled,
}, },
"ipwhitelist@myprovider": { "ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"test@myprovider"}, UsedBy: []string{"test@myprovider"},
Status: runtime.StatusDisabled, Status: runtime.StatusDisabled,
}, },
"ipwhitelist@anotherprovider": { "ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -629,25 +629,25 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares?page=2&per_page=1", path: "/api/tcp/middlewares?page=2&per_page=1",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": { "ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"bar@myprovider", "test@myprovider"}, UsedBy: []string{"bar@myprovider", "test@myprovider"},
}, },
"ipwhitelist2@myprovider": { "ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"}, SourceRange: []string{"127.0.0.2/32"},
}, },
}, },
UsedBy: []string{"test@myprovider"}, UsedBy: []string{"test@myprovider"},
}, },
"ipwhitelist@anotherprovider": { "ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -663,28 +663,28 @@ func TestHandler_TCP(t *testing.T) {
}, },
{ {
desc: "one middleware by id", desc: "one middleware by id",
path: "/api/tcp/middlewares/ipwhitelist@myprovider", path: "/api/tcp/middlewares/ipallowlist@myprovider",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": { "ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"bar@myprovider", "test@myprovider"}, UsedBy: []string{"bar@myprovider", "test@myprovider"},
}, },
"ipwhitelist2@myprovider": { "ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"}, SourceRange: []string{"127.0.0.2/32"},
}, },
}, },
UsedBy: []string{"test@myprovider"}, UsedBy: []string{"test@myprovider"},
}, },
"ipwhitelist@anotherprovider": { "ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -694,7 +694,7 @@ func TestHandler_TCP(t *testing.T) {
}, },
expected: expected{ expected: expected{
statusCode: http.StatusOK, statusCode: http.StatusOK,
jsonFile: "testdata/tcpmiddleware-ipwhitelist.json", jsonFile: "testdata/tcpmiddleware-ipallowlist.json",
}, },
}, },
{ {
@ -702,9 +702,9 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares/foo@myprovider", path: "/api/tcp/middlewares/foo@myprovider",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": { "ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },

View file

@ -1,11 +1,11 @@
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@myprovider", "name": "ipallowlist@myprovider",
"provider": "myprovider", "provider": "myprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider", "bar@myprovider",
"test@myprovider" "test@myprovider"

View file

@ -1,24 +1,24 @@
[ [
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@anotherprovider", "name": "ipallowlist@anotherprovider",
"provider": "anotherprovider", "provider": "anotherprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider" "bar@myprovider"
] ]
}, },
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@myprovider", "name": "ipallowlist@myprovider",
"provider": "myprovider", "provider": "myprovider",
"status": "disabled", "status": "disabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"test@myprovider" "test@myprovider"
] ]

View file

@ -1,24 +1,24 @@
[ [
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@anotherprovider", "name": "ipallowlist@anotherprovider",
"provider": "anotherprovider", "provider": "anotherprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider" "bar@myprovider"
] ]
}, },
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@myprovider", "name": "ipallowlist@myprovider",
"provider": "myprovider", "provider": "myprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider", "bar@myprovider",
"test@myprovider" "test@myprovider"

View file

@ -1,12 +1,12 @@
[ [
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@anotherprovider", "name": "ipallowlist@anotherprovider",
"provider": "anotherprovider", "provider": "anotherprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider" "bar@myprovider"
] ]

View file

@ -1,37 +1,37 @@
[ [
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist1@anotherprovider", "name": "ipallowlist1@anotherprovider",
"provider": "anotherprovider", "provider": "anotherprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider" "bar@myprovider"
] ]
}, },
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist1@myprovider", "name": "ipallowlist1@myprovider",
"provider": "myprovider", "provider": "myprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider", "bar@myprovider",
"test@myprovider" "test@myprovider"
] ]
}, },
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.2/32"] "sourceRange": ["127.0.0.2/32"]
}, },
"name": "ipwhitelist2@myprovider", "name": "ipallowlist2@myprovider",
"provider": "myprovider", "provider": "myprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"test@myprovider" "test@myprovider"
] ]

View file

@ -358,11 +358,11 @@
[http.middlewares.Middleware5.chain] [http.middlewares.Middleware5.chain]
middlewares = ["foobar", "foobar"] middlewares = ["foobar", "foobar"]
[http.middlewares.Middleware6] [http.middlewares.Middleware6]
[http.middlewares.Middleware6.ipWhiteList] [http.middlewares.Middleware6.ipAllowList]
sourceRange = ["foobar", "foobar"] sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware7] [http.middlewares.Middleware7]
[http.middlewares.Middleware7.ipWhiteList] [http.middlewares.Middleware7.ipAllowList]
[http.middlewares.Middleware7.ipWhiteList.ipStrategy] [http.middlewares.Middleware7.ipAllowList.ipStrategy]
depth = 42 depth = 42
excludedIPs = ["foobar", "foobar"] excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware8] [http.middlewares.Middleware8]

View file

@ -18,7 +18,7 @@ type Middleware struct {
ReplacePath *ReplacePath `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"` ReplacePath *ReplacePath `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"`
ReplacePathRegex *ReplacePathRegex `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"` ReplacePathRegex *ReplacePathRegex `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"`
Chain *Chain `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"` Chain *Chain `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"`
IPWhiteList *IPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"` IPAllowList *IPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
Headers *Headers `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"` Headers *Headers `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
Errors *ErrorPage `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"` Errors *ErrorPage `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"`
RateLimit *RateLimit `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"` RateLimit *RateLimit `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"`
@ -34,12 +34,23 @@ type Middleware struct {
PassTLSClientCert *PassTLSClientCert `json:"passTLSClientCert,omitempty" toml:"passTLSClientCert,omitempty" yaml:"passTLSClientCert,omitempty" export:"true"` PassTLSClientCert *PassTLSClientCert `json:"passTLSClientCert,omitempty" toml:"passTLSClientCert,omitempty" yaml:"passTLSClientCert,omitempty" export:"true"`
Retry *Retry `json:"retry,omitempty" toml:"retry,omitempty" yaml:"retry,omitempty" export:"true"` Retry *Retry `json:"retry,omitempty" toml:"retry,omitempty" yaml:"retry,omitempty" export:"true"`
ContentType *ContentType `json:"contentType,omitempty" toml:"contentType,omitempty" yaml:"contentType,omitempty" export:"true"` ContentType *ContentType `json:"contentType,omitempty" toml:"contentType,omitempty" yaml:"contentType,omitempty" export:"true"`
GrpcWeb *GrpcWeb `json:"grpcWeb,omitempty" toml:"grpcWeb,omitempty" yaml:"grpcWeb,omitempty" export:"true"`
Plugin map[string]PluginConf `json:"plugin,omitempty" toml:"plugin,omitempty" yaml:"plugin,omitempty" export:"true"` Plugin map[string]PluginConf `json:"plugin,omitempty" toml:"plugin,omitempty" yaml:"plugin,omitempty" export:"true"`
} }
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// GrpcWeb holds the gRPC web middleware configuration.
// This middleware converts a gRPC web request to an HTTP/2 gRPC request.
type GrpcWeb struct {
// AllowOrigins is a list of allowable origins.
// Can also be a wildcard origin "*".
AllowOrigins []string `json:"allowOrigins,omitempty" toml:"allowOrigins,omitempty" yaml:"allowOrigins,omitempty"`
}
// +k8s:deepcopy-gen=true
// ContentType holds the content-type middleware configuration. // ContentType holds the content-type middleware configuration.
// This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. // This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
type ContentType struct { type ContentType struct {
@ -346,7 +357,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. // IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy // More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy
type IPStrategy struct { type IPStrategy struct {
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). // Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"` Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
@ -385,10 +396,10 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// IPWhiteList holds the IP whitelist middleware configuration. // IPAllowList holds the IP allowlist middleware configuration.
// This middleware accepts / refuses requests based on the client IP. // This middleware accepts / refuses requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/ // More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/
type IPWhiteList struct { type IPAllowList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"` IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`

View file

@ -5,7 +5,7 @@ package dynamic
// TCPMiddleware holds the TCPMiddleware configuration. // TCPMiddleware holds the TCPMiddleware configuration.
type TCPMiddleware struct { type TCPMiddleware struct {
InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"` InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"`
IPWhiteList *TCPIPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"` IPAllowList *TCPIPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
} }
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
@ -22,9 +22,9 @@ type TCPInFlightConn struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// TCPIPWhiteList holds the TCP IPWhiteList middleware configuration. // TCPIPAllowList holds the TCP IPAllowList middleware configuration.
// This middleware accepts/refuses connections based on the client IP. // This middleware accepts/refuses connections based on the client IP.
type TCPIPWhiteList struct { type TCPIPAllowList struct {
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
} }

View file

@ -353,6 +353,27 @@ func (in *ForwardingTimeouts) DeepCopy() *ForwardingTimeouts {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GrpcWeb) DeepCopyInto(out *GrpcWeb) {
*out = *in
if in.AllowOrigins != nil {
in, out := &in.AllowOrigins, &out.AllowOrigins
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrpcWeb.
func (in *GrpcWeb) DeepCopy() *GrpcWeb {
if in == nil {
return nil
}
out := new(GrpcWeb)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HTTPConfiguration) DeepCopyInto(out *HTTPConfiguration) { func (in *HTTPConfiguration) DeepCopyInto(out *HTTPConfiguration) {
*out = *in *out = *in
@ -532,6 +553,32 @@ func (in *HealthCheck) DeepCopy() *HealthCheck {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPAllowList) DeepCopyInto(out *IPAllowList) {
*out = *in
if in.SourceRange != nil {
in, out := &in.SourceRange, &out.SourceRange
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPStrategy != nil {
in, out := &in.IPStrategy, &out.IPStrategy
*out = new(IPStrategy)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAllowList.
func (in *IPAllowList) DeepCopy() *IPAllowList {
if in == nil {
return nil
}
out := new(IPAllowList)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPStrategy) DeepCopyInto(out *IPStrategy) { func (in *IPStrategy) DeepCopyInto(out *IPStrategy) {
*out = *in *out = *in
@ -553,32 +600,6 @@ func (in *IPStrategy) DeepCopy() *IPStrategy {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPWhiteList) DeepCopyInto(out *IPWhiteList) {
*out = *in
if in.SourceRange != nil {
in, out := &in.SourceRange, &out.SourceRange
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPStrategy != nil {
in, out := &in.IPStrategy, &out.IPStrategy
*out = new(IPStrategy)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPWhiteList.
func (in *IPWhiteList) DeepCopy() *IPWhiteList {
if in == nil {
return nil
}
out := new(IPWhiteList)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *InFlightReq) DeepCopyInto(out *InFlightReq) { func (in *InFlightReq) DeepCopyInto(out *InFlightReq) {
*out = *in *out = *in
@ -654,9 +675,9 @@ func (in *Middleware) DeepCopyInto(out *Middleware) {
*out = new(Chain) *out = new(Chain)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.IPWhiteList != nil { if in.IPAllowList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList in, out := &in.IPAllowList, &out.IPAllowList
*out = new(IPWhiteList) *out = new(IPAllowList)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.Headers != nil { if in.Headers != nil {
@ -734,6 +755,11 @@ func (in *Middleware) DeepCopyInto(out *Middleware) {
*out = new(ContentType) *out = new(ContentType)
**out = **in **out = **in
} }
if in.GrpcWeb != nil {
in, out := &in.GrpcWeb, &out.GrpcWeb
*out = new(GrpcWeb)
(*in).DeepCopyInto(*out)
}
if in.Plugin != nil { if in.Plugin != nil {
in, out := &in.Plugin, &out.Plugin in, out := &in.Plugin, &out.Plugin
*out = make(map[string]PluginConf, len(*in)) *out = make(map[string]PluginConf, len(*in))
@ -1384,7 +1410,7 @@ func (in *TCPConfiguration) DeepCopy() *TCPConfiguration {
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) { func (in *TCPIPAllowList) DeepCopyInto(out *TCPIPAllowList) {
*out = *in *out = *in
if in.SourceRange != nil { if in.SourceRange != nil {
in, out := &in.SourceRange, &out.SourceRange in, out := &in.SourceRange, &out.SourceRange
@ -1394,12 +1420,12 @@ func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) {
return return
} }
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPWhiteList. // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPAllowList.
func (in *TCPIPWhiteList) DeepCopy() *TCPIPWhiteList { func (in *TCPIPAllowList) DeepCopy() *TCPIPAllowList {
if in == nil { if in == nil {
return nil return nil
} }
out := new(TCPIPWhiteList) out := new(TCPIPAllowList)
in.DeepCopyInto(out) in.DeepCopyInto(out)
return out return out
} }
@ -1428,9 +1454,9 @@ func (in *TCPMiddleware) DeepCopyInto(out *TCPMiddleware) {
*out = new(TCPInFlightConn) *out = new(TCPInFlightConn)
**out = **in **out = **in
} }
if in.IPWhiteList != nil { if in.IPAllowList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList in, out := &in.IPAllowList, &out.IPAllowList
*out = new(TCPIPWhiteList) *out = new(TCPIPAllowList)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
return return

View file

@ -82,9 +82,9 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true", "traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true",
"traefik.http.middlewares.Middleware8.headers.stspreload": "true", "traefik.http.middlewares.Middleware8.headers.stspreload": "true",
"traefik.http.middlewares.Middleware8.headers.stsseconds": "42", "traefik.http.middlewares.Middleware8.headers.stsseconds": "42",
"traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.depth": "42", "traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.excludedips": "foobar, fiibar", "traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.excludedips": "foobar, fiibar",
"traefik.http.middlewares.Middleware9.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.http.middlewares.Middleware9.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.http.middlewares.Middleware10.inflightreq.amount": "42", "traefik.http.middlewares.Middleware10.inflightreq.amount": "42",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.depth": "42", "traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar", "traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar",
@ -180,7 +180,7 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.services.Service1.loadbalancer.sticky": "false", "traefik.http.services.Service1.loadbalancer.sticky": "false",
"traefik.http.services.Service1.loadbalancer.sticky.cookie.name": "fui", "traefik.http.services.Service1.loadbalancer.sticky.cookie.name": "fui",
"traefik.tcp.middlewares.Middleware0.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware0.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.middlewares.Middleware2.inflightconn.amount": "42", "traefik.tcp.middlewares.Middleware2.inflightconn.amount": "42",
"traefik.tcp.routers.Router0.rule": "foobar", "traefik.tcp.routers.Router0.rule": "foobar",
"traefik.tcp.routers.Router0.priority": "42", "traefik.tcp.routers.Router0.priority": "42",
@ -244,7 +244,7 @@ func TestDecodeConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware0": { "Middleware0": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },
@ -611,7 +611,7 @@ func TestDecodeConfiguration(t *testing.T) {
}, },
}, },
"Middleware9": { "Middleware9": {
IPWhiteList: &dynamic.IPWhiteList{ IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{ SourceRange: []string{
"foobar", "foobar",
"fiibar", "fiibar",
@ -741,7 +741,7 @@ func TestEncodeConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware0": { "Middleware0": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },
@ -1113,7 +1113,7 @@ func TestEncodeConfiguration(t *testing.T) {
}, },
}, },
"Middleware9": { "Middleware9": {
IPWhiteList: &dynamic.IPWhiteList{ IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{ SourceRange: []string{
"foobar", "foobar",
"fiibar", "fiibar",
@ -1265,9 +1265,9 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42", "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42",
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth": "42", "traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.Depth": "42",
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.ExcludedIPs": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware9.IPAllowList.SourceRange": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.Amount": "42", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.Amount": "42",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.Depth": "42", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.Depth": "42",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, fiibar",
@ -1360,7 +1360,7 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme": "foobar", "traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme": "foobar",
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0": "foobar", "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0": "foobar",
"traefik.TCP.Middlewares.Middleware0.IPWhiteList.SourceRange": "foobar, fiibar", "traefik.TCP.Middlewares.Middleware0.IPAllowList.SourceRange": "foobar, fiibar",
"traefik.TCP.Middlewares.Middleware2.InFlightConn.Amount": "42", "traefik.TCP.Middlewares.Middleware2.InFlightConn.Amount": "42",
"traefik.TCP.Routers.Router0.Rule": "foobar", "traefik.TCP.Routers.Router0.Rule": "foobar",
"traefik.TCP.Routers.Router0.Priority": "42", "traefik.TCP.Routers.Router0.Priority": "42",

View file

@ -11,25 +11,25 @@ import (
func TestIsAuthorized(t *testing.T) { func TestIsAuthorized(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
whiteList []string allowList []string
remoteAddr string remoteAddr string
authorized bool authorized bool
}{ }{
{ {
desc: "remoteAddr not in range", desc: "remoteAddr not in range",
whiteList: []string{"1.2.3.4/24"}, allowList: []string{"1.2.3.4/24"},
remoteAddr: "10.2.3.1:123", remoteAddr: "10.2.3.1:123",
authorized: false, authorized: false,
}, },
{ {
desc: "remoteAddr in range", desc: "remoteAddr in range",
whiteList: []string{"1.2.3.4/24"}, allowList: []string{"1.2.3.4/24"},
remoteAddr: "1.2.3.1:123", remoteAddr: "1.2.3.1:123",
authorized: true, authorized: true,
}, },
{ {
desc: "octal ip in remoteAddr", desc: "octal ip in remoteAddr",
whiteList: []string{"127.2.3.4/24"}, allowList: []string{"127.2.3.4/24"},
remoteAddr: "0127.2.3.1:123", remoteAddr: "0127.2.3.1:123",
authorized: false, authorized: false,
}, },
@ -40,7 +40,7 @@ func TestIsAuthorized(t *testing.T) {
t.Run(test.desc, func(t *testing.T) { t.Run(test.desc, func(t *testing.T) {
t.Parallel() t.Parallel()
ipChecker, err := NewChecker(test.whiteList) ipChecker, err := NewChecker(test.allowList)
require.NoError(t, err) require.NoError(t, err)
err = ipChecker.IsAuthorized(test.remoteAddr) err = ipChecker.IsAuthorized(test.remoteAddr)

View file

@ -227,6 +227,15 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http
core[ClientHost] = forwardedFor core[ClientHost] = forwardedFor
} }
ctx := req.Context()
capt, err := capture.FromContext(ctx)
if err != nil {
log.FromContext(log.With(ctx, log.Str(log.MiddlewareType, "AccessLogs"))).
WithError(err).
Errorf("Could not get Capture")
return
}
next.ServeHTTP(rw, reqWithDataTable) next.ServeHTTP(rw, reqWithDataTable)
if _, ok := core[ClientUsername]; !ok { if _, ok := core[ClientUsername]; !ok {
@ -237,13 +246,6 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http
headers: rw.Header().Clone(), headers: rw.Header().Clone(),
} }
ctx := req.Context()
capt, err := capture.FromContext(ctx)
if err != nil {
log.FromContext(log.With(ctx, log.Str(log.MiddlewareType, "AccessLogs"))).Errorf("Could not get Capture: %v", err)
return
}
logDataTable.DownstreamResponse.status = capt.StatusCode() logDataTable.DownstreamResponse.status = capt.StatusCode()
logDataTable.DownstreamResponse.size = capt.ResponseSize() logDataTable.DownstreamResponse.size = capt.ResponseSize()
logDataTable.Request.size = capt.RequestSize() logDataTable.Request.size = capt.RequestSize()

View file

@ -57,7 +57,7 @@ func TestLogRotation(t *testing.T) {
}) })
chain := alice.New() chain := alice.New()
chain = chain.Append(capture.WrapHandler(&capture.Handler{})) chain = chain.Append(capture.Wrap)
chain = chain.Append(WrapHandler(logHandler)) chain = chain.Append(WrapHandler(logHandler))
handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(http.StatusOK) rw.WriteHeader(http.StatusOK)
@ -210,7 +210,7 @@ func TestLoggerHeaderFields(t *testing.T) {
} }
chain := alice.New() chain := alice.New()
chain = chain.Append(capture.WrapHandler(&capture.Handler{})) chain = chain.Append(capture.Wrap)
chain = chain.Append(WrapHandler(logger)) chain = chain.Append(WrapHandler(logger))
handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(http.StatusOK) rw.WriteHeader(http.StatusOK)
@ -784,7 +784,7 @@ func doLoggingTLSOpt(t *testing.T, config *types.AccessLog, enableTLS bool) {
} }
chain := alice.New() chain := alice.New()
chain = chain.Append(capture.WrapHandler(&capture.Handler{})) chain = chain.Append(capture.Wrap)
chain = chain.Append(WrapHandler(logger)) chain = chain.Append(WrapHandler(logger))
handler, err := chain.Then(http.HandlerFunc(logWriterTestHandlerFunc)) handler, err := chain.Then(http.HandlerFunc(logWriterTestHandlerFunc))
require.NoError(t, err) require.NoError(t, err)

View file

@ -3,9 +3,8 @@
// For another middleware to get those attributes of a request/response, this middleware // For another middleware to get those attributes of a request/response, this middleware
// should be added before in the middleware chain. // should be added before in the middleware chain.
// //
// handler, _ := NewHandler()
// chain := alice.New(). // chain := alice.New().
// Append(WrapHandler(handler)). // Append(capture.Wrap).
// Append(myOtherMiddleware). // Append(myOtherMiddleware).
// then(...) // then(...)
// //
@ -33,7 +32,6 @@ import (
"net" "net"
"net/http" "net/http"
"github.com/containous/alice"
"github.com/traefik/traefik/v2/pkg/middlewares" "github.com/traefik/traefik/v2/pkg/middlewares"
) )
@ -41,62 +39,67 @@ type key string
const capturedData key = "capturedData" const capturedData key = "capturedData"
// Handler will store each request data to its context. // Wrap returns a new handler that inserts a Capture into the given handler.
type Handler struct{} // It satisfies the alice.Constructor type.
func Wrap(handler http.Handler) (http.Handler, error) {
// WrapHandler wraps capture handler into an Alice Constructor. c := Capture{}
func WrapHandler(handler *Handler) alice.Constructor { return c.Reset(handler), nil
return func(next http.Handler) (http.Handler, error) {
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
handler.ServeHTTP(rw, req, next)
}), nil
}
} }
func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http.Handler) { // FromContext returns the Capture value found in ctx, or an empty Capture otherwise.
c := Capture{} func FromContext(ctx context.Context) (Capture, error) {
if req.Body != nil { c := ctx.Value(capturedData)
readCounter := &readCounter{source: req.Body} if c == nil {
c.rr = readCounter return Capture{}, errors.New("value not found in context")
req.Body = readCounter
} }
responseWriter := newResponseWriter(rw) capt, ok := c.(*Capture)
c.rw = responseWriter if !ok {
ctx := context.WithValue(req.Context(), capturedData, &c) return Capture{}, errors.New("value stored in context is not a *Capture")
next.ServeHTTP(responseWriter, req.WithContext(ctx)) }
return *capt, nil
} }
// Capture is the object populated by the capture middleware, // Capture is the object populated by the capture middleware,
// allowing to gather information about the request and response. // holding probes that allow to gather information about the request and response.
type Capture struct { type Capture struct {
rr *readCounter rr *readCounter
rw responseWriter rw responseWriter
} }
// FromContext returns the Capture value found in ctx, or an empty Capture otherwise. // NeedsReset returns whether the given http.ResponseWriter is the capture's probe.
func FromContext(ctx context.Context) (*Capture, error) { func (c *Capture) NeedsReset(rw http.ResponseWriter) bool {
c := ctx.Value(capturedData) return c.rw != rw
if c == nil {
return nil, errors.New("value not found")
}
capt, ok := c.(*Capture)
if !ok {
return nil, errors.New("value stored in Context is not a *Capture")
}
return capt, nil
} }
func (c Capture) ResponseSize() int64 { // Reset returns a new handler that renews the Capture's probes, and inserts
// them when deferring to next.
func (c *Capture) Reset(next http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
ctx := context.WithValue(req.Context(), capturedData, c)
newReq := req.WithContext(ctx)
if newReq.Body != nil {
readCounter := &readCounter{source: newReq.Body}
c.rr = readCounter
newReq.Body = readCounter
}
c.rw = newResponseWriter(rw)
next.ServeHTTP(c.rw, newReq)
})
}
func (c *Capture) ResponseSize() int64 {
return c.rw.Size() return c.rw.Size()
} }
func (c Capture) StatusCode() int { func (c *Capture) StatusCode() int {
return c.rw.Status() return c.rw.Status()
} }
// RequestSize returns the size of the request's body if it applies, // RequestSize returns the size of the request's body if it applies,
// zero otherwise. // zero otherwise.
func (c Capture) RequestSize() int64 { func (c *Capture) RequestSize() int64 {
if c.rr == nil { if c.rr == nil {
return 0 return 0
} }

View file

@ -38,9 +38,8 @@ func TestCapture(t *testing.T) {
assert.Equal(t, "bar", string(all)) assert.Equal(t, "bar", string(all))
}) })
wrapped := WrapHandler(&Handler{})
chain := alice.New() chain := alice.New()
chain = chain.Append(wrapped) chain = chain.Append(Wrap)
chain = chain.Append(wrapMiddleware) chain = chain.Append(wrapMiddleware)
handlers, err := chain.Then(handler) handlers, err := chain.Then(handler)
require.NoError(t, err) require.NoError(t, err)
@ -142,8 +141,7 @@ func BenchmarkCapture(b *testing.B) {
chain := alice.New() chain := alice.New()
if test.capture || test.body { if test.capture || test.body {
captureWrapped := WrapHandler(&Handler{}) chain = chain.Append(Wrap)
chain = chain.Append(captureWrapped)
} }
handlers, err := chain.Then(next) handlers, err := chain.Then(next)
require.NoError(b, err) require.NoError(b, err)

View file

@ -0,0 +1,27 @@
package grpcweb
import (
"context"
"net/http"
"github.com/improbable-eng/grpc-web/go/grpcweb"
"github.com/traefik/traefik/v2/pkg/config/dynamic"
"github.com/traefik/traefik/v2/pkg/log"
"github.com/traefik/traefik/v2/pkg/middlewares"
)
const typeName = "grpc-web"
// New builds a new gRPC web request converter.
func New(ctx context.Context, next http.Handler, config dynamic.GrpcWeb, name string) http.Handler {
log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)).Debug("Creating middleware")
return grpcweb.WrapHandler(next, grpcweb.WithCorsForRegisteredEndpointsOnly(false), grpcweb.WithOriginFunc(func(origin string) bool {
for _, originCfg := range config.AllowOrigins {
if originCfg == "*" || originCfg == origin {
return true
}
}
return false
}))
}

View file

@ -1,4 +1,4 @@
package ipwhitelist package ipallowlist
import ( import (
"context" "context"
@ -15,29 +15,29 @@ import (
) )
const ( const (
typeName = "IPWhiteLister" typeName = "IPAllowLister"
) )
// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists. // ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
type ipWhiteLister struct { type ipAllowLister struct {
next http.Handler next http.Handler
whiteLister *ip.Checker allowLister *ip.Checker
strategy ip.Strategy strategy ip.Strategy
name string name string
} }
// New builds a new IPWhiteLister given a list of CIDR-Strings to whitelist. // New builds a new IPAllowLister given a list of CIDR-Strings to allow.
func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, name string) (http.Handler, error) { func New(ctx context.Context, next http.Handler, config dynamic.IPAllowList, name string) (http.Handler, error) {
logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)) logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
logger.Debug("Creating middleware") logger.Debug("Creating middleware")
if len(config.SourceRange) == 0 { if len(config.SourceRange) == 0 {
return nil, errors.New("sourceRange is empty, IPWhiteLister not created") return nil, errors.New("sourceRange is empty, IPAllowLister not created")
} }
checker, err := ip.NewChecker(config.SourceRange) checker, err := ip.NewChecker(config.SourceRange)
if err != nil { if err != nil {
return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err) return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
} }
strategy, err := config.IPStrategy.Get() strategy, err := config.IPStrategy.Get()
@ -45,26 +45,26 @@ func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, nam
return nil, err return nil, err
} }
logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange) logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)
return &ipWhiteLister{ return &ipAllowLister{
strategy: strategy, strategy: strategy,
whiteLister: checker, allowLister: checker,
next: next, next: next,
name: name, name: name,
}, nil }, nil
} }
func (wl *ipWhiteLister) GetTracingInformation() (string, ext.SpanKindEnum) { func (al *ipAllowLister) GetTracingInformation() (string, ext.SpanKindEnum) {
return wl.name, tracing.SpanKindNoneEnum return al.name, tracing.SpanKindNoneEnum
} }
func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func (al *ipAllowLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
ctx := middlewares.GetLoggerCtx(req.Context(), wl.name, typeName) ctx := middlewares.GetLoggerCtx(req.Context(), al.name, typeName)
logger := log.FromContext(ctx) logger := log.FromContext(ctx)
clientIP := wl.strategy.GetIP(req) clientIP := al.strategy.GetIP(req)
err := wl.whiteLister.IsAuthorized(clientIP) err := al.allowLister.IsAuthorized(clientIP)
if err != nil { if err != nil {
msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err) msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err)
logger.Debug(msg) logger.Debug(msg)
@ -74,7 +74,7 @@ func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
} }
logger.Debugf("Accepting IP %s", clientIP) logger.Debugf("Accepting IP %s", clientIP)
wl.next.ServeHTTP(rw, req) al.next.ServeHTTP(rw, req)
} }
func reject(ctx context.Context, rw http.ResponseWriter) { func reject(ctx context.Context, rw http.ResponseWriter) {

View file

@ -1,4 +1,4 @@
package ipwhitelist package ipallowlist
import ( import (
"context" "context"
@ -11,22 +11,22 @@ import (
"github.com/traefik/traefik/v2/pkg/config/dynamic" "github.com/traefik/traefik/v2/pkg/config/dynamic"
) )
func TestNewIPWhiteLister(t *testing.T) { func TestNewIPAllowLister(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
whiteList dynamic.IPWhiteList allowList dynamic.IPAllowList
expectedError bool expectedError bool
}{ }{
{ {
desc: "invalid IP", desc: "invalid IP",
whiteList: dynamic.IPWhiteList{ allowList: dynamic.IPAllowList{
SourceRange: []string{"foo"}, SourceRange: []string{"foo"},
}, },
expectedError: true, expectedError: true,
}, },
{ {
desc: "valid IP", desc: "valid IP",
whiteList: dynamic.IPWhiteList{ allowList: dynamic.IPAllowList{
SourceRange: []string{"10.10.10.10"}, SourceRange: []string{"10.10.10.10"},
}, },
}, },
@ -38,28 +38,28 @@ func TestNewIPWhiteLister(t *testing.T) {
t.Parallel() t.Parallel()
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
if test.expectedError { if test.expectedError {
assert.Error(t, err) assert.Error(t, err)
} else { } else {
require.NoError(t, err) require.NoError(t, err)
assert.NotNil(t, whiteLister) assert.NotNil(t, allowLister)
} }
}) })
} }
} }
func TestIPWhiteLister_ServeHTTP(t *testing.T) { func TestIPAllowLister_ServeHTTP(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
whiteList dynamic.IPWhiteList allowList dynamic.IPAllowList
remoteAddr string remoteAddr string
expected int expected int
}{ }{
{ {
desc: "authorized with remote address", desc: "authorized with remote address",
whiteList: dynamic.IPWhiteList{ allowList: dynamic.IPAllowList{
SourceRange: []string{"20.20.20.20"}, SourceRange: []string{"20.20.20.20"},
}, },
remoteAddr: "20.20.20.20:1234", remoteAddr: "20.20.20.20:1234",
@ -67,7 +67,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
}, },
{ {
desc: "non authorized with remote address", desc: "non authorized with remote address",
whiteList: dynamic.IPWhiteList{ allowList: dynamic.IPAllowList{
SourceRange: []string{"20.20.20.20"}, SourceRange: []string{"20.20.20.20"},
}, },
remoteAddr: "20.20.20.21:1234", remoteAddr: "20.20.20.21:1234",
@ -81,7 +81,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
t.Parallel() t.Parallel()
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
require.NoError(t, err) require.NoError(t, err)
recorder := httptest.NewRecorder() recorder := httptest.NewRecorder()
@ -92,7 +92,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
req.RemoteAddr = test.remoteAddr req.RemoteAddr = test.remoteAddr
} }
whiteLister.ServeHTTP(recorder, req) allowLister.ServeHTTP(recorder, req)
assert.Equal(t, test.expected, recorder.Code) assert.Equal(t, test.expected, recorder.Code)
}) })

View file

@ -24,6 +24,7 @@ const (
protoWebsocket = "websocket" protoWebsocket = "websocket"
typeName = "Metrics" typeName = "Metrics"
nameEntrypoint = "metrics-entrypoint" nameEntrypoint = "metrics-entrypoint"
nameRouter = "metrics-router"
nameService = "metrics-service" nameService = "metrics-service"
) )
@ -56,7 +57,7 @@ func NewEntryPointMiddleware(ctx context.Context, next http.Handler, registry me
// NewRouterMiddleware creates a new metrics middleware for a Router. // NewRouterMiddleware creates a new metrics middleware for a Router.
func NewRouterMiddleware(ctx context.Context, next http.Handler, registry metrics.Registry, routerName string, serviceName string) http.Handler { func NewRouterMiddleware(ctx context.Context, next http.Handler, registry metrics.Registry, routerName string, serviceName string) http.Handler {
log.FromContext(middlewares.GetLoggerCtx(ctx, nameEntrypoint, typeName)).Debug("Creating middleware") log.FromContext(middlewares.GetLoggerCtx(ctx, nameRouter, typeName)).Debug("Creating middleware")
return &metricsMiddleware{ return &metricsMiddleware{
next: next, next: next,
@ -125,17 +126,25 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)
m.reqsTLSCounter.With(tlsLabels...).Add(1) m.reqsTLSCounter.With(tlsLabels...).Add(1)
} }
start := time.Now()
m.next.ServeHTTP(rw, req)
ctx := req.Context() ctx := req.Context()
capt, err := capture.FromContext(ctx) capt, err := capture.FromContext(ctx)
if err != nil { if err != nil {
log.FromContext(middlewares.GetLoggerCtx(ctx, nameEntrypoint, typeName)).Errorf("Could not get Capture: %w", err) for i := 0; i < len(m.baseLabels); i += 2 {
ctx = log.With(ctx, log.Str(m.baseLabels[i], m.baseLabels[i+1]))
}
log.FromContext(ctx).WithError(err).Errorf("Could not get Capture")
return return
} }
next := m.next
if capt.NeedsReset(rw) {
next = capt.Reset(m.next)
}
start := time.Now()
next.ServeHTTP(rw, req)
labels = append(labels, "code", strconv.Itoa(capt.StatusCode())) labels = append(labels, "code", strconv.Itoa(capt.StatusCode()))
m.reqDurationHistogram.With(labels...).ObserveFromStart(start) m.reqDurationHistogram.With(labels...).ObserveFromStart(start)
m.reqsCounter.With(labels...).Add(1) m.reqsCounter.With(labels...).Add(1)

View file

@ -1,4 +1,4 @@
package tcpinflightconn package inflightconn
import ( import (
"context" "context"

View file

@ -1,4 +1,4 @@
package tcpinflightconn package inflightconn
import ( import (
"context" "context"

View file

@ -1,4 +1,4 @@
package tcpipwhitelist package ipallowlist
import ( import (
"context" "context"
@ -13,46 +13,46 @@ import (
) )
const ( const (
typeName = "IPWhiteListerTCP" typeName = "IPAllowListerTCP"
) )
// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists. // ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
type ipWhiteLister struct { type ipAllowLister struct {
next tcp.Handler next tcp.Handler
whiteLister *ip.Checker allowLister *ip.Checker
name string name string
} }
// New builds a new TCP IPWhiteLister given a list of CIDR-Strings to whitelist. // New builds a new TCP IPAllowLister given a list of CIDR-Strings to allow.
func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPWhiteList, name string) (tcp.Handler, error) { func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPAllowList, name string) (tcp.Handler, error) {
logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)) logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
logger.Debug("Creating middleware") logger.Debug("Creating middleware")
if len(config.SourceRange) == 0 { if len(config.SourceRange) == 0 {
return nil, errors.New("sourceRange is empty, IPWhiteLister not created") return nil, errors.New("sourceRange is empty, IPAllowLister not created")
} }
checker, err := ip.NewChecker(config.SourceRange) checker, err := ip.NewChecker(config.SourceRange)
if err != nil { if err != nil {
return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err) return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
} }
logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange) logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)
return &ipWhiteLister{ return &ipAllowLister{
whiteLister: checker, allowLister: checker,
next: next, next: next,
name: name, name: name,
}, nil }, nil
} }
func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) { func (al *ipAllowLister) ServeTCP(conn tcp.WriteCloser) {
ctx := middlewares.GetLoggerCtx(context.Background(), wl.name, typeName) ctx := middlewares.GetLoggerCtx(context.Background(), al.name, typeName)
logger := log.FromContext(ctx) logger := log.FromContext(ctx)
addr := conn.RemoteAddr().String() addr := conn.RemoteAddr().String()
err := wl.whiteLister.IsAuthorized(addr) err := al.allowLister.IsAuthorized(addr)
if err != nil { if err != nil {
logger.Errorf("Connection from %s rejected: %v", addr, err) logger.Errorf("Connection from %s rejected: %v", addr, err)
conn.Close() conn.Close()
@ -61,5 +61,5 @@ func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) {
logger.Debugf("Connection from %s accepted", addr) logger.Debugf("Connection from %s accepted", addr)
wl.next.ServeTCP(conn) al.next.ServeTCP(conn)
} }

View file

@ -1,4 +1,4 @@
package tcpipwhitelist package ipallowlist
import ( import (
"context" "context"
@ -12,27 +12,27 @@ import (
"github.com/traefik/traefik/v2/pkg/tcp" "github.com/traefik/traefik/v2/pkg/tcp"
) )
func TestNewIPWhiteLister(t *testing.T) { func TestNewIPAllowLister(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
whiteList dynamic.TCPIPWhiteList allowList dynamic.TCPIPAllowList
expectedError bool expectedError bool
}{ }{
{ {
desc: "Empty config", desc: "Empty config",
whiteList: dynamic.TCPIPWhiteList{}, allowList: dynamic.TCPIPAllowList{},
expectedError: true, expectedError: true,
}, },
{ {
desc: "invalid IP", desc: "invalid IP",
whiteList: dynamic.TCPIPWhiteList{ allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"foo"}, SourceRange: []string{"foo"},
}, },
expectedError: true, expectedError: true,
}, },
{ {
desc: "valid IP", desc: "valid IP",
whiteList: dynamic.TCPIPWhiteList{ allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"10.10.10.10"}, SourceRange: []string{"10.10.10.10"},
}, },
}, },
@ -44,28 +44,28 @@ func TestNewIPWhiteLister(t *testing.T) {
t.Parallel() t.Parallel()
next := tcp.HandlerFunc(func(conn tcp.WriteCloser) {}) next := tcp.HandlerFunc(func(conn tcp.WriteCloser) {})
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
if test.expectedError { if test.expectedError {
assert.Error(t, err) assert.Error(t, err)
} else { } else {
require.NoError(t, err) require.NoError(t, err)
assert.NotNil(t, whiteLister) assert.NotNil(t, allowLister)
} }
}) })
} }
} }
func TestIPWhiteLister_ServeHTTP(t *testing.T) { func TestIPAllowLister_ServeHTTP(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
whiteList dynamic.TCPIPWhiteList allowList dynamic.TCPIPAllowList
remoteAddr string remoteAddr string
expected string expected string
}{ }{
{ {
desc: "authorized with remote address", desc: "authorized with remote address",
whiteList: dynamic.TCPIPWhiteList{ allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"20.20.20.20"}, SourceRange: []string{"20.20.20.20"},
}, },
remoteAddr: "20.20.20.20:1234", remoteAddr: "20.20.20.20:1234",
@ -73,7 +73,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
}, },
{ {
desc: "non authorized with remote address", desc: "non authorized with remote address",
whiteList: dynamic.TCPIPWhiteList{ allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"20.20.20.20"}, SourceRange: []string{"20.20.20.20"},
}, },
remoteAddr: "20.20.20.21:1234", remoteAddr: "20.20.20.21:1234",
@ -94,13 +94,13 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
}) })
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
require.NoError(t, err) require.NoError(t, err)
server, client := net.Pipe() server, client := net.Pipe()
go func() { go func() {
whiteLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}}) allowLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}})
}() }()
read, err := io.ReadAll(server) read, err := io.ReadAll(server)

View file

@ -2022,7 +2022,7 @@ func Test_buildConfiguration(t *testing.T) {
Name: "Test", Name: "Test",
Labels: map[string]string{ Labels: map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1", "traefik.tcp.routers.Test.middlewares": "Middleware1",
}, },
Address: "127.0.0.1", Address: "127.0.0.1",
@ -2041,7 +2041,7 @@ func Test_buildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },

View file

@ -2611,7 +2611,7 @@ func Test_buildConfiguration(t *testing.T) {
Name: "Test", Name: "Test",
Labels: map[string]string{ Labels: map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1", "traefik.tcp.routers.Test.middlewares": "Middleware1",
}, },
NetworkSettings: networkSettings{ NetworkSettings: networkSettings{
@ -2638,7 +2638,7 @@ func Test_buildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },

View file

@ -2333,7 +2333,7 @@ func Test_buildConfiguration(t *testing.T) {
name("Test"), name("Test"),
labels(map[string]string{ labels(map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1", "traefik.tcp.routers.Test.middlewares": "Middleware1",
}), }),
iMachine( iMachine(
@ -2356,7 +2356,7 @@ func Test_buildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },

View file

@ -1,10 +1,10 @@
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: default namespace: default
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
@ -12,10 +12,10 @@ spec:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: foo namespace: foo
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
--- ---
@ -36,6 +36,6 @@ spec:
port: 8000 port: 8000
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
- name: ipwhitelist - name: ipallowlist
namespace: foo namespace: foo

View file

@ -1,10 +1,10 @@
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: default namespace: default
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
@ -12,10 +12,10 @@ spec:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: foo namespace: foo
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
--- ---
@ -36,9 +36,9 @@ spec:
port: 8000 port: 8000
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
- name: ipwhitelist - name: ipallowlist
namespace: foo namespace: foo
- name: ipwhitelist@file - name: ipallowlist@file
- name: ipwhitelist-foo@file - name: ipallowlist-foo@file
namespace: foo namespace: foo

View file

@ -4,7 +4,7 @@ metadata:
name: multiple---hyphens name: multiple---hyphens
namespace: default namespace: default
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32

View file

@ -1,10 +1,10 @@
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: default namespace: default
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
@ -12,10 +12,10 @@ spec:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: cross-ns namespace: cross-ns
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
--- ---
@ -36,7 +36,7 @@ spec:
port: 8000 port: 8000
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
- match: HostSNI(`bar.com`) - match: HostSNI(`bar.com`)
services: services:
@ -44,5 +44,5 @@ spec:
port: 8000 port: 8000
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
namespace: cross-ns namespace: cross-ns

View file

@ -263,7 +263,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
ReplacePath: middleware.Spec.ReplacePath, ReplacePath: middleware.Spec.ReplacePath,
ReplacePathRegex: middleware.Spec.ReplacePathRegex, ReplacePathRegex: middleware.Spec.ReplacePathRegex,
Chain: createChainMiddleware(ctxMid, middleware.Namespace, middleware.Spec.Chain), Chain: createChainMiddleware(ctxMid, middleware.Namespace, middleware.Spec.Chain),
IPWhiteList: middleware.Spec.IPWhiteList, IPAllowList: middleware.Spec.IPAllowList,
Headers: middleware.Spec.Headers, Headers: middleware.Spec.Headers,
Errors: errorPage, Errors: errorPage,
RateLimit: rateLimit, RateLimit: rateLimit,
@ -279,6 +279,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
PassTLSClientCert: middleware.Spec.PassTLSClientCert, PassTLSClientCert: middleware.Spec.PassTLSClientCert,
Retry: retry, Retry: retry,
ContentType: middleware.Spec.ContentType, ContentType: middleware.Spec.ContentType,
GrpcWeb: middleware.Spec.GrpcWeb,
Plugin: plugin, Plugin: plugin,
} }
} }
@ -288,7 +289,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
conf.TCP.Middlewares[id] = &dynamic.TCPMiddleware{ conf.TCP.Middlewares[id] = &dynamic.TCPMiddleware{
InFlightConn: middlewareTCP.Spec.InFlightConn, InFlightConn: middlewareTCP.Spec.InFlightConn,
IPWhiteList: middlewareTCP.Spec.IPWhiteList, IPAllowList: middlewareTCP.Spec.IPAllowList,
} }
} }

View file

@ -119,18 +119,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": { "default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"}, EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc", Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist"}, Middlewares: []string{"default-ipallowlist", "foo-ipallowlist"},
Rule: "HostSNI(`foo.com`)", Rule: "HostSNI(`foo.com`)",
}, },
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": { "default-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
"foo-ipwhitelist": { "foo-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -178,7 +178,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"default-multiple-hyphens": { "default-multiple-hyphens": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -220,18 +220,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": { "default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"}, EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc", Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist", "ipwhitelist@file", "ipwhitelist-foo@file"}, Middlewares: []string{"default-ipallowlist", "foo-ipallowlist", "ipallowlist@file", "ipallowlist-foo@file"},
Rule: "HostSNI(`foo.com`)", Rule: "HostSNI(`foo.com`)",
}, },
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": { "default-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
"foo-ipwhitelist": { "foo-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -5459,18 +5459,18 @@ func TestCrossNamespace(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": { "default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"}, EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc", Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist"}, Middlewares: []string{"default-ipallowlist"},
Rule: "HostSNI(`foo.com`)", Rule: "HostSNI(`foo.com`)",
}, },
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": { "default-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
"cross-ns-ipwhitelist": { "cross-ns-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -5513,24 +5513,24 @@ func TestCrossNamespace(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": { "default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"}, EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc", Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist"}, Middlewares: []string{"default-ipallowlist"},
Rule: "HostSNI(`foo.com`)", Rule: "HostSNI(`foo.com`)",
}, },
"default-test.route-f44ce589164e656d231c": { "default-test.route-f44ce589164e656d231c": {
EntryPoints: []string{"foo"}, EntryPoints: []string{"foo"},
Service: "default-test.route-f44ce589164e656d231c", Service: "default-test.route-f44ce589164e656d231c",
Middlewares: []string{"cross-ns-ipwhitelist"}, Middlewares: []string{"cross-ns-ipallowlist"},
Rule: "HostSNI(`bar.com`)", Rule: "HostSNI(`bar.com`)",
}, },
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": { "default-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
"cross-ns-ipwhitelist": { "cross-ns-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },

View file

@ -32,7 +32,7 @@ type MiddlewareSpec struct {
ReplacePath *dynamic.ReplacePath `json:"replacePath,omitempty"` ReplacePath *dynamic.ReplacePath `json:"replacePath,omitempty"`
ReplacePathRegex *dynamic.ReplacePathRegex `json:"replacePathRegex,omitempty"` ReplacePathRegex *dynamic.ReplacePathRegex `json:"replacePathRegex,omitempty"`
Chain *Chain `json:"chain,omitempty"` Chain *Chain `json:"chain,omitempty"`
IPWhiteList *dynamic.IPWhiteList `json:"ipWhiteList,omitempty"` IPAllowList *dynamic.IPAllowList `json:"ipAllowList,omitempty"`
Headers *dynamic.Headers `json:"headers,omitempty"` Headers *dynamic.Headers `json:"headers,omitempty"`
Errors *ErrorPage `json:"errors,omitempty"` Errors *ErrorPage `json:"errors,omitempty"`
RateLimit *RateLimit `json:"rateLimit,omitempty"` RateLimit *RateLimit `json:"rateLimit,omitempty"`
@ -48,6 +48,7 @@ type MiddlewareSpec struct {
PassTLSClientCert *dynamic.PassTLSClientCert `json:"passTLSClientCert,omitempty"` PassTLSClientCert *dynamic.PassTLSClientCert `json:"passTLSClientCert,omitempty"`
Retry *Retry `json:"retry,omitempty"` Retry *Retry `json:"retry,omitempty"`
ContentType *dynamic.ContentType `json:"contentType,omitempty"` ContentType *dynamic.ContentType `json:"contentType,omitempty"`
GrpcWeb *dynamic.GrpcWeb `json:"grpcWeb,omitempty"`
// Plugin defines the middleware plugin configuration. // Plugin defines the middleware plugin configuration.
// More info: https://doc.traefik.io/traefik/plugins/ // More info: https://doc.traefik.io/traefik/plugins/
Plugin map[string]apiextensionv1.JSON `json:"plugin,omitempty"` Plugin map[string]apiextensionv1.JSON `json:"plugin,omitempty"`

View file

@ -25,8 +25,8 @@ type MiddlewareTCP struct {
type MiddlewareTCPSpec struct { type MiddlewareTCPSpec struct {
// InFlightConn defines the InFlightConn middleware configuration. // InFlightConn defines the InFlightConn middleware configuration.
InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"` InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"`
// IPWhiteList defines the IPWhiteList middleware configuration. // IPAllowList defines the IPAllowList middleware configuration.
IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"` IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

View file

@ -689,9 +689,9 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) {
*out = new(Chain) *out = new(Chain)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.IPWhiteList != nil { if in.IPAllowList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList in, out := &in.IPAllowList, &out.IPAllowList
*out = new(dynamic.IPWhiteList) *out = new(dynamic.IPAllowList)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.Headers != nil { if in.Headers != nil {
@ -769,6 +769,11 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) {
*out = new(dynamic.ContentType) *out = new(dynamic.ContentType)
**out = **in **out = **in
} }
if in.GrpcWeb != nil {
in, out := &in.GrpcWeb, &out.GrpcWeb
*out = new(dynamic.GrpcWeb)
(*in).DeepCopyInto(*out)
}
if in.Plugin != nil { if in.Plugin != nil {
in, out := &in.Plugin, &out.Plugin in, out := &in.Plugin, &out.Plugin
*out = make(map[string]v1.JSON, len(*in)) *out = make(map[string]v1.JSON, len(*in))
@ -857,9 +862,9 @@ func (in *MiddlewareTCPSpec) DeepCopyInto(out *MiddlewareTCPSpec) {
*out = new(dynamic.TCPInFlightConn) *out = new(dynamic.TCPInFlightConn)
**out = **in **out = **in
} }
if in.IPWhiteList != nil { if in.IPAllowList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList in, out := &in.IPAllowList, &out.IPAllowList
*out = new(dynamic.TCPIPWhiteList) *out = new(dynamic.TCPIPAllowList)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
return return

View file

@ -140,11 +140,11 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name0": "foobar", "traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name0": "foobar",
"traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name1": "foobar", "traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name1": "foobar",
"traefik/http/middlewares/Middleware09/headers/browserXssFilter": "true", "traefik/http/middlewares/Middleware09/headers/browserXssFilter": "true",
"traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/0": "foobar", "traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/0": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/1": "foobar", "traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/1": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/0": "foobar", "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/0": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/1": "foobar", "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/1": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/depth": "42", "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/depth": "42",
"traefik/http/middlewares/Middleware11/inFlightReq/amount": "42", "traefik/http/middlewares/Middleware11/inFlightReq/amount": "42",
"traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/requestHost": "true", "traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/requestHost": "true",
"traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/ipStrategy/depth": "42", "traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/ipStrategy/depth": "42",
@ -340,7 +340,7 @@ func Test_buildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.Middleware{ Middlewares: map[string]*dynamic.Middleware{
"Middleware10": { "Middleware10": {
IPWhiteList: &dynamic.IPWhiteList{ IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{ SourceRange: []string{
"foobar", "foobar",
"foobar", "foobar",

View file

@ -196,14 +196,14 @@ func TestBuildConfiguration(t *testing.T) {
}, },
}, },
{ {
desc: "TCP with IP whitelist", desc: "TCP with IP allowlist",
applications: withApplications( applications: withApplications(
application( application(
appID("/app"), appID("/app"),
appPorts(80), appPorts(80),
withLabel("traefik.tcp.routers.Test.rule", "HostSNI(`foo.bar`)"), withLabel("traefik.tcp.routers.Test.rule", "HostSNI(`foo.bar`)"),
withLabel("traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange", "foobar, fiibar"), withLabel("traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange", "foobar, fiibar"),
withLabel("traefik.tcp.routers.Test.middlewares", "Middleware1"), withLabel("traefik.tcp.routers.Test.middlewares", "Middleware1"),
withTasks(localhostTask(taskPorts(80))), withTasks(localhostTask(taskPorts(80))),
)), )),
@ -218,7 +218,7 @@ func TestBuildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },

View file

@ -1621,7 +1621,7 @@ func Test_buildConfig(t *testing.T) {
Name: "Test", Name: "Test",
Tags: []string{ Tags: []string{
"traefik.tcp.routers.Test.rule = HostSNI(`foo.bar`)", "traefik.tcp.routers.Test.rule = HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange = foobar, fiibar", "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange = foobar, fiibar",
"traefik.tcp.routers.Test.middlewares = Middleware1", "traefik.tcp.routers.Test.middlewares = Middleware1",
}, },
Address: "127.0.0.1", Address: "127.0.0.1",
@ -1640,7 +1640,7 @@ func Test_buildConfig(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },

View file

@ -508,7 +508,7 @@ func Test_buildConfiguration(t *testing.T) {
Name: "Test", Name: "Test",
Labels: map[string]string{ Labels: map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1", "traefik.tcp.routers.Test.middlewares": "Middleware1",
}, },
Port: "80/tcp", Port: "80/tcp",
@ -528,7 +528,7 @@ func Test_buildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },

View file

@ -191,7 +191,7 @@ func init() {
Chain: &dynamic.Chain{ Chain: &dynamic.Chain{
Middlewares: []string{"foo"}, Middlewares: []string{"foo"},
}, },
IPWhiteList: &dynamic.IPWhiteList{ IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{"foo"}, SourceRange: []string{"foo"},
IPStrategy: &dynamic.IPStrategy{ IPStrategy: &dynamic.IPStrategy{
Depth: 42, Depth: 42,

View file

@ -119,7 +119,7 @@
"foo" "foo"
] ]
}, },
"ipWhiteList": { "ipAllowList": {
"sourceRange": [ "sourceRange": [
"xxxx" "xxxx"
], ],

View file

@ -119,7 +119,7 @@
"foo" "foo"
] ]
}, },
"ipWhiteList": { "ipAllowList": {
"sourceRange": [ "sourceRange": [
"foo" "foo"
], ],

View file

@ -18,16 +18,14 @@ type ChainBuilder struct {
metricsRegistry metrics.Registry metricsRegistry metrics.Registry
accessLoggerMiddleware *accesslog.Handler accessLoggerMiddleware *accesslog.Handler
tracer *tracing.Tracing tracer *tracing.Tracing
captureMiddleware *capture.Handler
} }
// NewChainBuilder Creates a new ChainBuilder. // NewChainBuilder Creates a new ChainBuilder.
func NewChainBuilder(metricsRegistry metrics.Registry, accessLoggerMiddleware *accesslog.Handler, tracer *tracing.Tracing, captureMiddleware *capture.Handler) *ChainBuilder { func NewChainBuilder(metricsRegistry metrics.Registry, accessLoggerMiddleware *accesslog.Handler, tracer *tracing.Tracing) *ChainBuilder {
return &ChainBuilder{ return &ChainBuilder{
metricsRegistry: metricsRegistry, metricsRegistry: metricsRegistry,
accessLoggerMiddleware: accessLoggerMiddleware, accessLoggerMiddleware: accessLoggerMiddleware,
tracer: tracer, tracer: tracer,
captureMiddleware: captureMiddleware,
} }
} }
@ -35,8 +33,8 @@ func NewChainBuilder(metricsRegistry metrics.Registry, accessLoggerMiddleware *a
func (c *ChainBuilder) Build(ctx context.Context, entryPointName string) alice.Chain { func (c *ChainBuilder) Build(ctx context.Context, entryPointName string) alice.Chain {
chain := alice.New() chain := alice.New()
if c.captureMiddleware != nil { if c.accessLoggerMiddleware != nil || c.metricsRegistry != nil && (c.metricsRegistry.IsEpEnabled() || c.metricsRegistry.IsRouterEnabled() || c.metricsRegistry.IsSvcEnabled()) {
chain = chain.Append(capture.WrapHandler(c.captureMiddleware)) chain = chain.Append(capture.Wrap)
} }
if c.accessLoggerMiddleware != nil { if c.accessLoggerMiddleware != nil {

View file

@ -17,9 +17,10 @@ import (
"github.com/traefik/traefik/v2/pkg/middlewares/circuitbreaker" "github.com/traefik/traefik/v2/pkg/middlewares/circuitbreaker"
"github.com/traefik/traefik/v2/pkg/middlewares/compress" "github.com/traefik/traefik/v2/pkg/middlewares/compress"
"github.com/traefik/traefik/v2/pkg/middlewares/customerrors" "github.com/traefik/traefik/v2/pkg/middlewares/customerrors"
"github.com/traefik/traefik/v2/pkg/middlewares/grpcweb"
"github.com/traefik/traefik/v2/pkg/middlewares/headers" "github.com/traefik/traefik/v2/pkg/middlewares/headers"
"github.com/traefik/traefik/v2/pkg/middlewares/inflightreq" "github.com/traefik/traefik/v2/pkg/middlewares/inflightreq"
"github.com/traefik/traefik/v2/pkg/middlewares/ipwhitelist" "github.com/traefik/traefik/v2/pkg/middlewares/ipallowlist"
"github.com/traefik/traefik/v2/pkg/middlewares/passtlsclientcert" "github.com/traefik/traefik/v2/pkg/middlewares/passtlsclientcert"
"github.com/traefik/traefik/v2/pkg/middlewares/ratelimiter" "github.com/traefik/traefik/v2/pkg/middlewares/ratelimiter"
"github.com/traefik/traefik/v2/pkg/middlewares/redirect" "github.com/traefik/traefik/v2/pkg/middlewares/redirect"
@ -219,6 +220,16 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
} }
} }
// GrpcWeb
if config.GrpcWeb != nil {
if middleware != nil {
return nil, badConf
}
middleware = func(next http.Handler) (http.Handler, error) {
return grpcweb.New(ctx, next, *config.GrpcWeb, middlewareName), nil
}
}
// Headers // Headers
if config.Headers != nil { if config.Headers != nil {
if middleware != nil { if middleware != nil {
@ -229,13 +240,13 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
} }
} }
// IPWhiteList // IPAllowList
if config.IPWhiteList != nil { if config.IPAllowList != nil {
if middleware != nil { if middleware != nil {
return nil, badConf return nil, badConf
} }
middleware = func(next http.Handler) (http.Handler, error) { middleware = func(next http.Handler) (http.Handler, error) {
return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName) return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName)
} }
} }

View file

@ -6,8 +6,8 @@ import (
"strings" "strings"
"github.com/traefik/traefik/v2/pkg/config/runtime" "github.com/traefik/traefik/v2/pkg/config/runtime"
inflightconn "github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn" "github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn"
ipwhitelist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipwhitelist" "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipallowlist"
"github.com/traefik/traefik/v2/pkg/server/provider" "github.com/traefik/traefik/v2/pkg/server/provider"
"github.com/traefik/traefik/v2/pkg/tcp" "github.com/traefik/traefik/v2/pkg/tcp"
) )
@ -94,10 +94,10 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
} }
} }
// IPWhiteList // IPAllowList
if config.IPWhiteList != nil { if config.IPAllowList != nil {
middleware = func(next tcp.Handler) (tcp.Handler, error) { middleware = func(next tcp.Handler) (tcp.Handler, error) {
return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName) return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName)
} }
} }

View file

@ -316,7 +316,7 @@ func TestRouterManager_Get(t *testing.T) {
roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}}) roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}})
serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager) serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager)
middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil)
chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil) chainBuilder := middleware.NewChainBuilder(nil, nil, nil)
routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry())
@ -422,7 +422,7 @@ func TestAccessLog(t *testing.T) {
roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}}) roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}})
serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager) serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager)
middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil)
chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil) chainBuilder := middleware.NewChainBuilder(nil, nil, nil)
routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry())
@ -439,7 +439,7 @@ func TestAccessLog(t *testing.T) {
reqHost := requestdecorator.New(nil) reqHost := requestdecorator.New(nil)
chain := alice.New() chain := alice.New()
chain = chain.Append(capture.WrapHandler(&capture.Handler{})) chain = chain.Append(capture.Wrap)
chain = chain.Append(accesslog.WrapHandler(accesslogger)) chain = chain.Append(accesslog.WrapHandler(accesslogger))
handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { handler, err := chain.Then(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
reqHost.ServeHTTP(w, req, handlers["web"].ServeHTTP) reqHost.ServeHTTP(w, req, handlers["web"].ServeHTTP)
@ -717,7 +717,7 @@ func TestRuntimeConfiguration(t *testing.T) {
roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}}) roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}})
serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager) serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager)
middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil)
chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil) chainBuilder := middleware.NewChainBuilder(nil, nil, nil)
routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry())
@ -792,7 +792,7 @@ func TestProviderOnMiddlewares(t *testing.T) {
roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}}) roundTripperManager.Update(map[string]*dynamic.ServersTransport{"default@internal": {}})
serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager) serviceManager := service.NewManager(rtConf.Services, nil, nil, roundTripperManager)
middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil)
chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil) chainBuilder := middleware.NewChainBuilder(nil, nil, nil)
routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry())
@ -860,7 +860,7 @@ func BenchmarkRouterServe(b *testing.B) {
serviceManager := service.NewManager(rtConf.Services, nil, nil, staticRoundTripperGetter{res}) serviceManager := service.NewManager(rtConf.Services, nil, nil, staticRoundTripperGetter{res})
middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager, nil)
chainBuilder := middleware.NewChainBuilder(nil, nil, nil, nil) chainBuilder := middleware.NewChainBuilder(nil, nil, nil)
routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry()) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, chainBuilder, metrics.NewVoidRegistry())

View file

@ -53,7 +53,7 @@ func TestReuseService(t *testing.T) {
managerFactory := service.NewManagerFactory(staticConfig, nil, metrics.NewVoidRegistry(), roundTripperManager, nil) managerFactory := service.NewManagerFactory(staticConfig, nil, metrics.NewVoidRegistry(), roundTripperManager, nil)
tlsManager := tls.NewManager() tlsManager := tls.NewManager()
factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil, nil), nil, metrics.NewVoidRegistry()) factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil), nil, metrics.NewVoidRegistry())
entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: dynamicConfigs})) entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: dynamicConfigs}))
@ -189,7 +189,7 @@ func TestServerResponseEmptyBackend(t *testing.T) {
managerFactory := service.NewManagerFactory(staticConfig, nil, metrics.NewVoidRegistry(), roundTripperManager, nil) managerFactory := service.NewManagerFactory(staticConfig, nil, metrics.NewVoidRegistry(), roundTripperManager, nil)
tlsManager := tls.NewManager() tlsManager := tls.NewManager()
factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil, nil), nil, metrics.NewVoidRegistry()) factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(nil, nil, nil), nil, metrics.NewVoidRegistry())
entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: test.config(testServer.URL)})) entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: test.config(testServer.URL)}))
@ -232,7 +232,7 @@ func TestInternalServices(t *testing.T) {
voidRegistry := metrics.NewVoidRegistry() voidRegistry := metrics.NewVoidRegistry()
factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(voidRegistry, nil, nil, nil), nil, voidRegistry) factory := NewRouterFactory(staticConfig, managerFactory, tlsManager, middleware.NewChainBuilder(voidRegistry, nil, nil), nil, voidRegistry)
entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: dynamicConfigs})) entryPointsHandlers, _ := factory.CreateRouters(runtime.NewConfig(dynamic.Configuration{HTTP: dynamicConfigs}))

View file

@ -593,9 +593,11 @@ func TestWebSocketTransferTLSConfig(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, "ok", resp) assert.Equal(t, "ok", resp)
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true} // Don't alter default transport to prevent side effects on other tests.
defaultTransport := http.DefaultTransport.(*http.Transport).Clone()
defaultTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
forwarderWithTLSConfigFromDefaultTransport, err := buildProxy(Bool(true), nil, http.DefaultTransport, nil) forwarderWithTLSConfigFromDefaultTransport, err := buildProxy(Bool(true), nil, defaultTransport, nil)
require.NoError(t, err) require.NoError(t, err)
proxyWithTLSConfigFromDefaultTransport := createProxyWithForwarder(t, forwarderWithTLSConfigFromDefaultTransport, srv.URL) proxyWithTLSConfigFromDefaultTransport := createProxyWithForwarder(t, forwarderWithTLSConfigFromDefaultTransport, srv.URL)

View file

@ -283,11 +283,11 @@ func TestSpiffeMTLS(t *testing.T) {
} }
testCases := []struct { testCases := []struct {
desc string desc string
config dynamic.Spiffe config dynamic.Spiffe
clientSource SpiffeX509Source clientSource SpiffeX509Source
wantStatusCode int wantStatusCode int
wantErrorMessage string wantError bool
}{ }{
{ {
desc: "supports SPIFFE mTLS", desc: "supports SPIFFE mTLS",
@ -308,8 +308,8 @@ func TestSpiffeMTLS(t *testing.T) {
config: dynamic.Spiffe{ config: dynamic.Spiffe{
IDs: []string{"spiffe://traefik.test/not-server"}, IDs: []string{"spiffe://traefik.test/not-server"},
}, },
clientSource: &clientSource, clientSource: &clientSource,
wantErrorMessage: `unexpected ID "spiffe://traefik.test/server"`, wantError: true,
}, },
{ {
desc: "allows expected server trust domain", desc: "allows expected server trust domain",
@ -324,8 +324,8 @@ func TestSpiffeMTLS(t *testing.T) {
config: dynamic.Spiffe{ config: dynamic.Spiffe{
TrustDomain: "spiffe://not-traefik.test", TrustDomain: "spiffe://not-traefik.test",
}, },
clientSource: &clientSource, clientSource: &clientSource,
wantErrorMessage: `unexpected trust domain "traefik.test"`, wantError: true,
}, },
{ {
desc: "spiffe IDs allowlist takes precedence", desc: "spiffe IDs allowlist takes precedence",
@ -333,14 +333,14 @@ func TestSpiffeMTLS(t *testing.T) {
IDs: []string{"spiffe://traefik.test/not-server"}, IDs: []string{"spiffe://traefik.test/not-server"},
TrustDomain: "spiffe://not-traefik.test", TrustDomain: "spiffe://not-traefik.test",
}, },
clientSource: &clientSource, clientSource: &clientSource,
wantErrorMessage: `unexpected ID "spiffe://traefik.test/server"`, wantError: true,
}, },
{ {
desc: "raises an error when spiffe is enabled on the transport but no workloadapi address is given", desc: "raises an error when spiffe is enabled on the transport but no workloadapi address is given",
config: dynamic.Spiffe{}, config: dynamic.Spiffe{},
clientSource: nil, clientSource: nil,
wantErrorMessage: `remote error: tls: bad certificate`, wantError: true,
}, },
} }
@ -362,8 +362,8 @@ func TestSpiffeMTLS(t *testing.T) {
client := http.Client{Transport: tr} client := http.Client{Transport: tr}
resp, err := client.Get(srv.URL) resp, err := client.Get(srv.URL)
if test.wantErrorMessage != "" { if test.wantError {
assert.ErrorContains(t, err, test.wantErrorMessage) require.Error(t, err)
return return
} }

View file

@ -4,11 +4,11 @@ RepositoryName = "traefik"
OutputType = "file" OutputType = "file"
FileName = "traefik_changelog.md" FileName = "traefik_changelog.md"
# example new bugfix v2.9.1 # example new bugfix v2.9.2
CurrentRef = "v2.9" CurrentRef = "v2.9"
PreviousRef = "v2.9.0" PreviousRef = "v2.9.1"
BaseBranch = "v2.9" BaseBranch = "v2.9"
FutureCurrentRefName = "v2.9.0" FutureCurrentRefName = "v2.9.2"
ThresholdPreviousRef = 10 ThresholdPreviousRef = 10
ThresholdCurrentRef = 10 ThresholdCurrentRef = 10

View file

@ -675,8 +675,8 @@
</div> </div>
</q-card-section> </q-card-section>
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - sourceRange --> <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - sourceRange -->
<q-card-section v-if="middleware.ipWhiteList"> <q-card-section v-if="middleware.ipAllowList">
<div class="row items-start no-wrap"> <div class="row items-start no-wrap">
<div class="col"> <div class="col">
<div class="text-subtitle2">Source Range</div> <div class="text-subtitle2">Source Range</div>
@ -689,8 +689,8 @@
</div> </div>
</div> </div>
</q-card-section> </q-card-section>
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - ipStrategy --> <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - ipStrategy -->
<q-card-section v-if="middleware.ipWhiteList"> <q-card-section v-if="middleware.ipAllowList">
<div class="row items-start"> <div class="row items-start">
<div class="col-12"> <div class="col-12">
<div class="text-subtitle2">IP Strategy</div> <div class="text-subtitle2">IP Strategy</div>
@ -1076,8 +1076,8 @@
</q-card-section> </q-card-section>
<q-card-section v-if="protocol === 'tcp'"> <q-card-section v-if="protocol === 'tcp'">
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - sourceRange --> <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - sourceRange -->
<q-card-section v-if="middleware.ipWhiteList"> <q-card-section v-if="middleware.ipAllowList">
<div class="row items-start no-wrap"> <div class="row items-start no-wrap">
<div class="col"> <div class="col">
<div class="text-subtitle2">Source Range</div> <div class="text-subtitle2">Source Range</div>