diff --git a/internal/ingress/annotations/annotations_test.go b/internal/ingress/annotations/annotations_test.go index 5df3cdc0e..0c041cc2c 100644 --- a/internal/ingress/annotations/annotations_test.go +++ b/internal/ingress/annotations/annotations_test.go @@ -133,7 +133,6 @@ func TestSSLPassthrough(t *testing.T) { ec := NewAnnotationExtractor(mockCfg{}) ing := buildIngress() - //nolint:goconst //already a constant fooAnns := []struct { annotations map[string]string er bool diff --git a/internal/ingress/annotations/parser/validators.go b/internal/ingress/annotations/parser/validators.go index 3c724a311..048086c52 100644 --- a/internal/ingress/annotations/parser/validators.go +++ b/internal/ingress/annotations/parser/validators.go @@ -49,8 +49,6 @@ var ( // IsValidRegex checks if the tested string can be used as a regex, but without any weird character. // It includes regex characters for paths that may contain regexes -// -//nolint:goconst //already a constant var IsValidRegex = regexp.MustCompile("^[/" + alphaNumericChars + regexEnabledChars + "]*$") // SizeRegex validates sizes understood by NGINX, like 1000, 100k, 1000M diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index dba893459..9559790ed 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -71,6 +71,7 @@ import ( const ( tempNginxPattern = "nginx-cfg" emptyUID = "-1" + goTemplateEngine = "go-template" ) // NewNGINXController creates a new NGINX Ingress controller. @@ -159,7 +160,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro } onTemplateChange := func() { - if config.ConfigurationTemplateEngine != "go-template" { + if config.ConfigurationTemplateEngine != goTemplateEngine { return } template, err := ngx_template.NewTemplate(nginx.TemplatePath) 
@@ -176,7 +177,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro var ngxTpl ngx_template.Writer switch config.ConfigurationTemplateEngine { - case "go-template": + case goTemplateEngine: ngxTpl, err = ngx_template.NewTemplate(nginx.TemplatePath) if err != nil { klog.Fatalf("Invalid NGINX configuration template: %v", err) @@ -887,7 +888,7 @@ func (n *NGINXController) configureDynamically(pcfg *ingress.Configuration) erro } } - if n.cfg.ConfigurationTemplateEngine == "go-template" { + if n.cfg.ConfigurationTemplateEngine == goTemplateEngine { streamConfigurationChanged := !reflect.DeepEqual(n.runningConfig.TCPEndpoints, pcfg.TCPEndpoints) || !reflect.DeepEqual(n.runningConfig.UDPEndpoints, pcfg.UDPEndpoints) if streamConfigurationChanged { err := updateStreamConfiguration(pcfg.TCPEndpoints, pcfg.UDPEndpoints) diff --git a/internal/ingress/controller/template/crossplane/authlocation.go b/internal/ingress/controller/template/crossplane/authlocation.go index 64c15eeb6..ef0dd8e17 100644 --- a/internal/ingress/controller/template/crossplane/authlocation.go +++ b/internal/ingress/controller/template/crossplane/authlocation.go 
@@ -124,39 +124,23 @@ func (c *Template) buildAuthLocation(server *ingress.Server, */ locationDirectives = append(locationDirectives, buildDirective("set", "$proxy_upstream_name", location.Backend), + buildDirective("proxy_pass_request_body", "off"), + buildDirective("proxy_ssl_server_name", "on"), + buildDirective("proxy_pass_request_headers", "on"), + buildDirective("proxy_set_header", "Content-Length", ""), + buildDirective("proxy_set_header", "X-Forwarded-Proto", ""), + buildDirective("proxy_set_header", "X-Request-ID", "$req_id"), + buildDirective("proxy_set_header", "Host", locationConfig.externalAuth.Host), + buildDirective("proxy_set_header", "X-Original-URL", "$scheme://$http_host$request_uri"), + buildDirective("proxy_set_header", "X-Original-Method", "$request_method"), + buildDirective("proxy_set_header", "X-Sent-From", "nginx-ingress-controller"), + buildDirective("proxy_set_header", "X-Real-IP", "$remote_addr"), ) - locationDirectives = append(locationDirectives, - buildDirective("proxy_pass_request_body", "off")) - - locationDirectives = append(locationDirectives, - buildDirective("proxy_ssl_server_name", "on")) - locationDirectives = append(locationDirectives, - buildDirective("proxy_pass_request_headers", "on")) - - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "Content-Length", "")) - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "X-Forwarded-Proto", "")) - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "X-Request-ID", "$req_id")) - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "Host", locationConfig.externalAuth.Host)) - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "X-Original-URL", "$scheme://$http_host$request_uri")) - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "X-Original-Method", "$request_method")) - 
locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "X-Sent-From", "nginx-ingress-controller")) - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "X-Real-IP", "$remote_addr")) - if locationConfig.externalAuth.Method != "" { locationDirectives = append(locationDirectives, - buildDirective("proxy_method", locationConfig.externalAuth.Method)) - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "X-Original-URI", "$request_uri")) - locationDirectives = append(locationDirectives, + buildDirective("proxy_method", locationConfig.externalAuth.Method), + buildDirective("proxy_set_header", "X-Original-URI", "$request_uri"), buildDirective("proxy_set_header", "X-Scheme", "$pass_access_scheme")) } @@ -178,8 +162,7 @@ func (c *Template) buildAuthLocation(server *ingress.Server, if locationConfig.externalAuth.Method != "" { locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "X-Original-URI", "$request_uri")) - locationDirectives = append(locationDirectives, + buildDirective("proxy_set_header", "X-Original-URI", "$request_uri"), buildDirective("proxy_set_header", "X-Scheme", "$pass_access_scheme")) } 
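Review bot: The consolidated header list in the first `append` of buildAuthLocation carries no comment on which values come from the client: `X-Original-URL` is built from `$http_host` and `$request_uri`, and `X-Original-Method` from `$request_method`, all taken from the incoming request. An auth service that decides on these headers is deciding on request-supplied data, so a short comment above the list would help, for example `// X-Original-* headers mirror the client's Host header and request line; the auth service must validate them, not trust them.` It would also be worth noting next to `proxy_set_header Content-Length ""` that it pairs with `proxy_pass_request_body off`. The function starts and ends outside this hunk.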
@@ -192,11 +175,10 @@ func (c *Template) buildAuthLocation(server *ingress.Server, } locationDirectives = append(locationDirectives, - buildDirective("proxy_buffer_size", location.Proxy.BufferSize)) - locationDirectives = append(locationDirectives, - buildDirective("proxy_buffers", location.Proxy.BuffersNumber, location.Proxy.BufferSize)) - locationDirectives = append(locationDirectives, - buildDirective("proxy_request_buffering", location.Proxy.RequestBuffering)) + buildDirective("proxy_buffer_size", location.Proxy.BufferSize), + buildDirective("proxy_buffers", location.Proxy.BuffersNumber, location.Proxy.BufferSize), + buildDirective("proxy_request_buffering", location.Proxy.RequestBuffering), + ) if isValidByteSize(location.Proxy.BodySize, true) { locationDirectives = append(locationDirectives, @@ -210,13 +192,10 @@ func (c *Template) buildAuthLocation(server *ingress.Server, if server.CertificateAuth.CAFileName != "" { locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "ssl-client-verify", "$ssl_client_verify")) - - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "ssl-client-subject-dn", "$ssl_client_s_dn")) - - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "ssl-client-issuer-dn", "$ssl_client_i_dn")) + buildDirective("proxy_set_header", "ssl-client-verify", "$ssl_client_verify"), + buildDirective("proxy_set_header", "ssl-client-subject-dn", "$ssl_client_s_dn"), + buildDirective("proxy_set_header", "ssl-client-issuer-dn", "$ssl_client_i_dn"), + ) if server.CertificateAuth.PassCertToUpstream { locationDirectives = append(locationDirectives, 
@@ -231,16 +210,13 @@ func (c *Template) buildAuthLocation(server *ingress.Server, if locationConfig.applyAuthUpstream && locationConfig.applyGlobalAuth { locationDirectives = append(locationDirectives, - buildDirective("proxy_http_version", "1.1")) - locationDirectives = append(locationDirectives, - buildDirective("proxy_set_header", "Connection", "")) - locationDirectives = append(locationDirectives, + buildDirective("proxy_http_version", "1.1"), + buildDirective("proxy_set_header", "Connection", ""), buildDirective("set", "$target", changeHostPort(locationConfig.externalAuth.URL, buildAuthUpstreamName(location, server.Hostname)))) } else { locationDirectives = append(locationDirectives, - buildDirective("proxy_http_version", location.Proxy.ProxyHTTPVersion)) - locationDirectives = append(locationDirectives, + buildDirective("proxy_http_version", location.Proxy.ProxyHTTPVersion), buildDirective("set", "$target", locationConfig.externalAuth.URL)) } locationDirectives = append(locationDirectives, diff --git a/internal/ingress/controller/template/crossplane/cors.go b/internal/ingress/controller/template/crossplane/cors.go index 932c2489b..932f25dbb 100644 --- a/internal/ingress/controller/template/crossplane/cors.go +++ b/internal/ingress/controller/template/crossplane/cors.go @@ -35,12 +35,10 @@ func buildCorsDirectives(locationcors cors.Config) ngx_crossplane.Directives { buildDirective("set", "$cors", "${cors}options"), }, ), - ) - - directives = append(directives, commonCorsDirective(locationcors, false), commonCorsDirective(locationcors, true), ) + return directives } diff --git a/internal/ingress/controller/template/crossplane/crossplane_test.go b/internal/ingress/controller/template/crossplane/crossplane_test.go index 02c59035e..c52077c75 100644 --- a/internal/ingress/controller/template/crossplane/crossplane_test.go +++ b/internal/ingress/controller/template/crossplane/crossplane_test.go 
@@ -87,12 +87,12 @@ func TestCrossplaneTemplate(t *testing.T) { ngx_crossplane.MatchHeadersMoreLatest, extramodules.BrotliMatchFn, extramodules.OpentelemetryMatchFn, + extramodules.SetMiscMatchFn, ngx_crossplane.MatchGeoip2Latest, }, LexOptions: ngx_crossplane.LexOptions{ Lexers: []ngx_crossplane.RegisterLexer{lua.RegisterLexer()}, }, - IgnoreDirectives: []string{"set_escape_uri"}, } mimeFile, err := os.CreateTemp("", "") diff --git a/internal/ingress/controller/template/crossplane/extramodules/analyze.go b/internal/ingress/controller/template/crossplane/extramodules/analyze.go index 72efe2474..22d227d30 100644 --- a/internal/ingress/controller/template/crossplane/extramodules/analyze.go +++ b/internal/ingress/controller/template/crossplane/extramodules/analyze.go @@ -22,8 +22,6 @@ limitations under the License. */ // This file is an extraction from https://github.com/nginxinc/nginx-go-crossplane/blob/main/analyze.go -// -//nolint:unused package extramodules // bit masks for different directive argument styles. diff --git a/internal/ingress/controller/template/crossplane/extramodules/setmisc.go b/internal/ingress/controller/template/crossplane/extramodules/setmisc.go index ab39ec5e8..fed384d46 100644 --- a/internal/ingress/controller/template/crossplane/extramodules/setmisc.go +++ b/internal/ingress/controller/template/crossplane/extramodules/setmisc.go 
@@ -14,48 +14,18 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Code generated by generator; DO NOT EDIT. -// All the definitions are extracted from the source code -// Each bit mask describes these behaviors: -// - how many arguments the directive can take -// - whether or not it is a block directive -// - whether this is a flag (takes one argument that's either "on" or "off") -// - which contexts it's allowed to be in +// As opposite to the other files, this wasn't auto generated but hand crafted. +// Please do not change it package extramodules var setMiscDirectives = map[string][]uint{ - "set_base32_alphabet": { - ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake1, - }, - "set_base32_padding": { - ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfFlag, - }, - "set_decode_base32": { - ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake12, - }, - "set_encode_base32": { - ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake12, - }, - "set_formatted_gmt_time": { - ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake2, - }, - "set_formatted_local_time": { - ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake2, - }, - "set_hashed_upstream": { - ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake3, - }, - "set_local_today": { - ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake1, - }, - "set_misc_base32_padding": { - ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfFlag, - }, + "set_escape_uri": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake12, + }, } 
- func SetMiscMatchFn(directive string) ([]uint, bool) { - m, ok := setMiscDirectives[directive] - return m, ok + m, ok := setMiscDirectives[directive] + return m, ok } diff --git a/internal/ingress/controller/template/crossplane/http.go b/internal/ingress/controller/template/crossplane/http.go index 5da0b248a..381ef67a4 100644 --- a/internal/ingress/controller/template/crossplane/http.go +++ b/internal/ingress/controller/template/crossplane/http.go @@ -113,8 +113,10 @@ func (c *Template) buildHTTP() { // HTTP2 Configuration if cfg.HTTP2MaxHeaderSize != "" && cfg.HTTP2MaxFieldSize != "" { - httpBlock = append(httpBlock, buildDirective("http2_max_field_size", cfg.HTTP2MaxFieldSize)) - httpBlock = append(httpBlock, buildDirective("http2_max_header_size", cfg.HTTP2MaxHeaderSize)) + httpBlock = append(httpBlock, + buildDirective("http2_max_field_size", cfg.HTTP2MaxFieldSize), + buildDirective("http2_max_header_size", cfg.HTTP2MaxHeaderSize), + ) } if cfg.HTTP2MaxRequests > 0 { 
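Review bot: The new file comment in setmisc.go says the table is hand-written and asks readers not to change it, but gives no reason, and the table now knows only `set_escape_uri`. Since crossplane_test.go in this commit swaps `IgnoreDirectives` for `extramodules.SetMiscMatchFn`, any other set-misc directive the generated configuration starts using will presumably be reported as unknown until an entry is added here, so the comment should invite that edit rather than forbid it, e.g. `// Hand-written, not generated: lists only the set-misc directives the controller emits. Add an entry when a new one is used.` The exported `SetMiscMatchFn` also has no doc comment; `// SetMiscMatchFn returns the argument and context bit masks for a set-misc directive, and false when the directive is not in the table.` would do.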
@@ -122,13 +124,15 @@ func (c *Template) buildHTTP() { } if cfg.UseGzip { - httpBlock = append(httpBlock, buildDirective("gzip", "on")) - httpBlock = append(httpBlock, buildDirective("gzip_comp_level", cfg.GzipLevel)) - httpBlock = append(httpBlock, buildDirective("gzip_http_version", "1.1")) - httpBlock = append(httpBlock, buildDirective("gzip_min_length", cfg.GzipMinLength)) - httpBlock = append(httpBlock, buildDirective("gzip_types", strings.Split(cfg.GzipTypes, " "))) - httpBlock = append(httpBlock, buildDirective("gzip_proxied", "any")) - httpBlock = append(httpBlock, buildDirective("gzip_vary", "on")) + httpBlock = append(httpBlock, + buildDirective("gzip", "on"), + buildDirective("gzip_comp_level", cfg.GzipLevel), + buildDirective("gzip_http_version", "1.1"), + buildDirective("gzip_min_length", cfg.GzipMinLength), + buildDirective("gzip_types", strings.Split(cfg.GzipTypes, " ")), + buildDirective("gzip_proxied", "any"), + buildDirective("gzip_vary", "on"), + ) if cfg.GzipDisable != "" { httpBlock = append(httpBlock, buildDirective("gzip_disable", strings.Split(cfg.GzipDisable, " "))) 
@@ -346,29 +350,9 @@ func (c *Template) buildHTTP() { } } - /* - {{ range $server := $servers }} - {{ range $location := $server.Locations }} - {{ $applyGlobalAuth := shouldApplyGlobalAuth $location $all.Cfg.GlobalExternalAuth.URL }} - {{ $applyAuthUpstream := shouldApplyAuthUpstream $location $all.Cfg }} - {{ if and (eq $applyAuthUpstream true) (eq $applyGlobalAuth false) }} - ## start auth upstream {{ $server.Hostname }}{{ $location.Path }} - upstream {{ buildAuthUpstreamName $location $server.Hostname }} { - {{- $externalAuth := $location.ExternalAuth }} - server {{ extractHostPort $externalAuth.URL }}; - - keepalive {{ $externalAuth.KeepaliveConnections }}; - keepalive_requests {{ $externalAuth.KeepaliveRequests }}; - keepalive_timeout {{ $externalAuth.KeepaliveTimeout }}s; - } - ## end auth upstream {{ $server.Hostname }}{{ $location.Path }} - {{ end }} - {{ end }} - {{ end }} - */ for _, server := range c.tplConfig.Servers { for _, location := range server.Locations { - if shouldApplyAuthUpstream(location, cfg) && !shouldApplyGlobalAuth(location, cfg.GlobalExternalAuth.URL) { + if shouldApplyAuthUpstream(location, &cfg) && !shouldApplyGlobalAuth(location, cfg.GlobalExternalAuth.URL) { authUpstreamBlock := buildBlockDirective("upstream", []string{buildAuthUpstreamName(location, server.Hostname)}, ngx_crossplane.Directives{ buildDirective("server", extractHostPort(location.ExternalAuth.URL)), 
@@ -387,14 +371,17 @@ func (c *Template) buildHTTP() { } for _, server := range c.tplConfig.Servers { - httpBlock = append(httpBlock, buildStartServer(server.Hostname)) - serverBlock := c.buildServerDirective(server) - httpBlock = append(httpBlock, serverBlock) - httpBlock = append(httpBlock, buildEndServer(server.Hostname)) + httpBlock = append(httpBlock, + buildStartServer(server.Hostname), + c.buildServerDirective(server), + buildEndServer(server.Hostname), + ) } - httpBlock = append(httpBlock, c.buildDefaultBackend()) - httpBlock = append(httpBlock, c.buildHealthAndStatsServer()) + httpBlock = append(httpBlock, + c.buildDefaultBackend(), + c.buildHealthAndStatsServer(), + ) c.config.Parsed = append(c.config.Parsed, &ngx_crossplane.Directive{ Directive: "http", diff --git a/internal/ingress/controller/template/crossplane/location.go b/internal/ingress/controller/template/crossplane/location.go index e2a06f85e..ddb28a7b1 100644 --- a/internal/ingress/controller/template/crossplane/location.go +++ b/internal/ingress/controller/template/crossplane/location.go @@ -173,7 +173,7 @@ func (c *Template) buildServerLocations(server *ingress.Server, locations []*ing proxySetHeader: getProxySetHeader(location), authPath: buildAuthLocation(location, cfg.GlobalExternalAuth.URL), applyGlobalAuth: shouldApplyGlobalAuth(location, cfg.GlobalExternalAuth.URL), - applyAuthUpstream: shouldApplyAuthUpstream(location, cfg), + applyAuthUpstream: shouldApplyAuthUpstream(location, &cfg), externalAuth: &externalAuth{}, } 
@@ -236,7 +236,7 @@ func (c *Template) buildLocation(server *ingress.Server, buildDirective("set", "$location_path", strings.ReplaceAll(ing.Path, `$`, `${literal_dollar}`)), } - locationDirectives = append(locationDirectives, locationConfigForLua(location, *c.tplConfig)...) + locationDirectives = append(locationDirectives, locationConfigForLua(location, c.tplConfig)...) locationDirectives = append(locationDirectives, buildCertificateDirectives(location)...) if cfg.Cfg.UseProxyProtocol { @@ -648,7 +648,7 @@ func buildRateLimit(loc *ingress.Location) ngx_crossplane.Directives { } // locationConfigForLua formats some location specific configuration into Lua table represented as string -func locationConfigForLua(location *ingress.Location, all config.TemplateConfig) ngx_crossplane.Directives { +func locationConfigForLua(location *ingress.Location, all *config.TemplateConfig) ngx_crossplane.Directives { /* Lua expects the following vars force_ssl_redirect = string_to_bool(ngx.var.force_ssl_redirect), ssl_redirect = string_to_bool(ngx.var.ssl_redirect), diff --git a/internal/ingress/controller/template/crossplane/server.go b/internal/ingress/controller/template/crossplane/server.go index 541e156f0..c81003b0c 100644 --- a/internal/ingress/controller/template/crossplane/server.go +++ b/internal/ingress/controller/template/crossplane/server.go @@ -56,7 +56,6 @@ func (c *Template) buildServerDirective(server *ingress.Server) *ngx_crossplane. if server.AuthTLSError != "" { serverBlock = append(serverBlock, buildDirective("return", 403)) } else { - serverBlock = append(serverBlock, c.buildCertificateDirectives(server)...) serverBlock = append(serverBlock, buildCustomErrorLocationsPerServer(server, c.tplConfig.EnableMetrics)...) serverBlock = append(serverBlock, buildMirrorLocationDirective(server.Locations)...) 
@@ -119,9 +118,10 @@ func (c *Template) buildCertificateDirectives(server *ingress.Server) ngx_crossp if server.CertificateAuth.CAFileName != "" { certAuth := server.CertificateAuth - certDirectives = append(certDirectives, buildDirective("ssl_client_certificate", certAuth.CAFileName)) - certDirectives = append(certDirectives, buildDirective("ssl_verify_client", certAuth.VerifyClient)) - certDirectives = append(certDirectives, buildDirective("ssl_verify_depth", certAuth.ValidationDepth)) + certDirectives = append(certDirectives, + buildDirective("ssl_client_certificate", certAuth.CAFileName), + buildDirective("ssl_verify_client", certAuth.VerifyClient), + buildDirective("ssl_verify_depth", certAuth.ValidationDepth)) if certAuth.CRLFileName != "" { certDirectives = append(certDirectives, buildDirective("ssl_crl", certAuth.CRLFileName)) } 
@@ -132,19 +132,22 @@ func (c *Template) buildCertificateDirectives(server *ingress.Server) ngx_crossp prxSSL := server.ProxySSL if prxSSL.CAFileName != "" { - certDirectives = append(certDirectives, buildDirective("proxy_ssl_trusted_certificate", prxSSL.CAFileName)) - certDirectives = append(certDirectives, buildDirective("proxy_ssl_ciphers", prxSSL.Ciphers)) - certDirectives = append(certDirectives, buildDirective("proxy_ssl_protocols", strings.Split(prxSSL.Protocols, " "))) - certDirectives = append(certDirectives, buildDirective("proxy_ssl_verify", prxSSL.Verify)) - certDirectives = append(certDirectives, buildDirective("proxy_ssl_verify_depth", prxSSL.VerifyDepth)) + certDirectives = append(certDirectives, buildDirective("proxy_ssl_trusted_certificate", prxSSL.CAFileName), + buildDirective("proxy_ssl_ciphers", prxSSL.Ciphers), + buildDirective("proxy_ssl_protocols", strings.Split(prxSSL.Protocols, " ")), + buildDirective("proxy_ssl_verify", prxSSL.Verify), + buildDirective("proxy_ssl_verify_depth", prxSSL.VerifyDepth), + ) if prxSSL.ProxySSLName != "" { - certDirectives = append(certDirectives, buildDirective("proxy_ssl_name", prxSSL.ProxySSLName)) - certDirectives = append(certDirectives, buildDirective("proxy_ssl_server_name", prxSSL.ProxySSLServerName)) + certDirectives = append(certDirectives, + buildDirective("proxy_ssl_name", prxSSL.ProxySSLName), + buildDirective("proxy_ssl_server_name", prxSSL.ProxySSLServerName)) } } if prxSSL.PemFileName != "" { - certDirectives = append(certDirectives, buildDirective("proxy_ssl_certificate", prxSSL.PemFileName)) - certDirectives = append(certDirectives, buildDirective("proxy_ssl_certificate_key", prxSSL.PemFileName)) + certDirectives = append(certDirectives, + buildDirective("proxy_ssl_certificate", prxSSL.PemFileName), + buildDirective("proxy_ssl_certificate_key", prxSSL.PemFileName)) } if server.SSLCiphers != "" { certDirectives = append(certDirectives, buildDirective("ssl_ciphers", server.SSLCiphers)) 
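Review bot: `proxy_ssl_verify` and `proxy_ssl_verify_depth` are emitted only inside the `prxSSL.CAFileName != ""` branch, while the `PemFileName` branch below adds a client certificate on its own, and nothing in the hunk says so. With a client certificate configured but no CA file, no verification directive is written, and nginx's default for `proxy_ssl_verify` is `off`, so the upstream certificate is not checked. A comment on the branch would make that visible, for example `// Upstream verification is configured only when a CA bundle is present; without it nginx does not verify the upstream certificate.` The `PemFileName` branch passes the same path to both `proxy_ssl_certificate` and `proxy_ssl_certificate_key`, which deserves a one-line note that the file is presumably expected to hold both. buildCertificateDirectives starts and ends outside this hunk.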
@@ -191,11 +194,12 @@ func (c *Template) buildDefaultBackend() *ngx_crossplane.Directive { fmt.Sprintf("backlog=%d", c.tplConfig.BacklogSize), )) } - serverBlock = append(serverBlock, buildDirective("set", "$proxy_upstream_name", "internal")) - serverBlock = append(serverBlock, buildDirective("access_log", "off")) - serverBlock = append(serverBlock, buildBlockDirective("location", []string{"/"}, ngx_crossplane.Directives{ - buildDirective("return", "404"), - })) + serverBlock = append(serverBlock, + buildDirective("set", "$proxy_upstream_name", "internal"), + buildDirective("access_log", "off"), + buildBlockDirective("location", []string{"/"}, ngx_crossplane.Directives{ + buildDirective("return", "404"), + })) return &ngx_crossplane.Directive{ Directive: "server", @@ -228,8 +232,8 @@ func (c *Template) buildHealthAndStatsServer() *ngx_crossplane.Directive { buildBlockDirective( "location", []string{"/configuration"}, ngx_crossplane.Directives{ - buildDirective("client_max_body_size", luaConfigurationRequestBodySize(c.tplConfig.Cfg)), - buildDirective("client_body_buffer_size", luaConfigurationRequestBodySize(c.tplConfig.Cfg)), + buildDirective("client_max_body_size", luaConfigurationRequestBodySize(&c.tplConfig.Cfg)), + buildDirective("client_body_buffer_size", luaConfigurationRequestBodySize(&c.tplConfig.Cfg)), buildDirective("proxy_buffering", "off"), buildDirective("content_by_lua_file", "/etc/nginx/lua/nginx/ngx_conf_configuration.lua"), }), diff --git a/internal/ingress/controller/template/crossplane/utils.go b/internal/ingress/controller/template/crossplane/utils.go index ea0ade3c9..74b09e6f0 100644 --- a/internal/ingress/controller/template/crossplane/utils.go +++ b/internal/ingress/controller/template/crossplane/utils.go 
@@ -289,7 +289,7 @@ func httpListener(addresses []string, co []string, tc *config.TemplateConfig, ss return listeners } -func luaConfigurationRequestBodySize(cfg config.Configuration) string { +func luaConfigurationRequestBodySize(cfg *config.Configuration) string { size := cfg.LuaSharedDicts["configuration_data"] if size < cfg.LuaSharedDicts["certificate_data"] { size = cfg.LuaSharedDicts["certificate_data"] @@ -347,7 +347,7 @@ func shouldApplyGlobalAuth(location *ingress.Location, globalExternalAuthURL str // shouldApplyAuthUpstream returns true only in case when ExternalAuth.URL and // ExternalAuth.KeepaliveConnections are all set -func shouldApplyAuthUpstream(location *ingress.Location, cfg config.Configuration) bool { +func shouldApplyAuthUpstream(location *ingress.Location, cfg *config.Configuration) bool { if location.ExternalAuth.URL == "" || location.ExternalAuth.KeepaliveConnections == 0 { return false } diff --git a/test/e2e/annotations/affinity.go b/test/e2e/annotations/affinity.go index d2adc86a5..629277ddf 100644 --- a/test/e2e/annotations/affinity.go +++ b/test/e2e/annotations/affinity.go @@ -58,7 +58,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) + return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) || + strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) }) f.HTTPTestClient(). @@ -80,7 +81,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) + return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) || + strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) }) f.HTTPTestClient(). 
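Review bot: The two-spelling check `strings.Contains(server, fmt.Sprintf("server_name %s;", host)) || strings.Contains(server, fmt.Sprintf("server_name %s ;", host))` is pasted into every changed `WaitForNginxServer` callback in affinity.go, starting with the hunk at -58, and again in affinitymode.go, with no comment on why the second spelling exists. The hunk at -476 already needed extra parentheses to keep the `&&` with `listen 443` binding correctly, which is the kind of slip the copies invite. A small helper in the test package, e.g. `func hasServerName(cfg, host string) bool`, with a comment naming the renderer that emits the space before `;` (presumably the crossplane engine), would keep the predicate in one place.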
@@ -115,7 +117,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) + return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) || + strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) }) f.HTTPTestClient(). @@ -181,7 +184,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) + return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) || + strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) }) f.HTTPTestClient(). @@ -212,7 +216,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) + return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) || + strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) }) local, err := time.LoadLocation("GMT") @@ -243,7 +248,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) + return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) || + strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) }) f.HTTPTestClient(). @@ -265,7 +271,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() { f.WaitForNginxServer(host, func(server string) bool { - return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) + return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) || + strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) }) f.HTTPTestClient(). 
@@ -289,7 +296,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 f.WaitForNginxServer(host,
 func(server string) bool {
- return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
+ return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
+ strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
 })
 f.HTTPTestClient().
@@ -312,7 +320,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 f.WaitForNginxServer(host,
 func(server string) bool {
- return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
+ return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
+ strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
 })
 f.HTTPTestClient().
@@ -431,7 +440,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 f.WaitForNginxServer(host,
 func(server string) bool {
- return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
+ return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
+ strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
 })
 f.HTTPTestClient().
@@ -454,7 +464,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 f.WaitForNginxServer(host,
 func(server string) bool {
- return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
+ return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
+ strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
 })
 f.HTTPTestClient().
@@ -476,7 +487,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
 f.WaitForNginxServer(host,
 func(server string) bool {
- return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) &&
+ return (strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
+ strings.Contains(server, fmt.Sprintf("server_name %s ;", host))) &&
 strings.Contains(server, "listen 443")
 })
diff --git a/test/e2e/annotations/affinitymode.go b/test/e2e/annotations/affinitymode.go
index a49a76721..7b5f47c56 100644
--- a/test/e2e/annotations/affinitymode.go
+++ b/test/e2e/annotations/affinitymode.go
@@ -56,7 +56,8 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
 f.WaitForNginxServer(host,
 func(server string) bool {
- return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
+ return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
+ strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
 })
 // Check configuration
@@ -89,7 +90,8 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
 f.WaitForNginxServer(host,
 func(server string) bool {
- return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
+ return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
+ strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
 })
 // Check configuration
diff --git a/test/e2e/annotations/auth.go b/test/e2e/annotations/auth.go
index fd1734f35..5ecff23b4 100644
--- a/test/e2e/annotations/auth.go
+++ b/test/e2e/annotations/auth.go
@@ -419,7 +419,6 @@ http {
 f.EnsureIngress(ing2)
 f.WaitForNginxServer(host, func(server string) bool {
- //nolint:goconst //server_name is a constant
 return strings.Contains(server, "server_name "+host)
 })
 })
diff --git a/test/e2e/annotations/grpc.go b/test/e2e/annotations/grpc.go
index 2a9c5a983..049cf931d 100644
--- a/test/e2e/annotations/grpc.go
+++ b/test/e2e/annotations/grpc.go
@@ -106,7 +106,6 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
 return strings.Contains(server, "grpc_pass grpc://upstream_balancer;")
 })
- //nolint:goconst //string interpolation
 conn, err := grpc.NewClient(f.GetNginxIP()+":443",
 grpc.WithTransportCredentials(
 credentials.NewTLS(&tls.Config{
diff --git a/test/e2e/annotations/limitconnections.go b/test/e2e/annotations/limitconnections.go
index d44cb169c..e660a233a 100644
--- a/test/e2e/annotations/limitconnections.go
+++ b/test/e2e/annotations/limitconnections.go
@@ -41,7 +41,8 @@ var _ = framework.DescribeAnnotation("Annotation - limit-connections", func() {
 ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.SlowEchoService, 80, nil)
 f.EnsureIngress(ing)
 f.WaitForNginxServer(host, func(server string) bool {
- return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
+ return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
+ strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
 })
 // limit connections
diff --git a/test/e2e/annotations/upstreamhashby.go b/test/e2e/annotations/upstreamhashby.go
index e5e3c5846..43670c717 100644
--- a/test/e2e/annotations/upstreamhashby.go
+++ b/test/e2e/annotations/upstreamhashby.go
@@ -36,7 +36,8 @@ func startIngress(f *framework.Framework, annotations map[string]string) map[str
 f.EnsureIngress(ing)
 f.WaitForNginxServer(host, func(server string) bool {
- return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
+ return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
+ strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
 })
 //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go
index 02cc08816..b3eec60e7 100644
--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@@ -321,7 +321,7 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b
 if name == "" {
 cmd = "cat /etc/nginx/nginx.conf"
 } else {
- cmd = fmt.Sprintf("cat /etc/nginx/nginx.conf | awk '/## start server %s;/,/## end server %s;/'", name, name)
+ cmd = fmt.Sprintf("cat /etc/nginx/nginx.conf | awk '/## start server %s/,/## end server %s/'", name, name)
 }
 o, err := f.ExecCommand(f.pod, cmd)
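Review bot: In the framework.go hunk, dropping the trailing `;` leaves `/## start server %s/` and `/## end server %s/` as unanchored prefix matches, so a `name` that is a prefix of another host in nginx.conf can open or close the awk range on a different server's marker; the `.` in a host name is also a regex wildcard here. The matcher can then pass against the wrong server block, which matters for assertions about auth or TLS directives if they are evaluated on this extracted block (the caller chain is not visible in the hunk). I would anchor the end of the marker while tolerating both renderings, e.g. `awk '/## start server %s ?;?$/,/## end server %s ?;?$/'`, assuming the marker is the last text on its line. `name` is also interpolated into the shell command unquoted, which deserves a comment that only test-controlled host names may be passed. matchNginxConditions starts and ends outside the hunk.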
diff --git a/test/e2e/framework/httpexpect/response.go b/test/e2e/framework/httpexpect/response.go
index e324e94ff..1c7624752 100644
--- a/test/e2e/framework/httpexpect/response.go
+++ b/test/e2e/framework/httpexpect/response.go
@@ -234,7 +234,6 @@ func (r *HTTPResponse) checkContentType(expectedType string, expectedCharset ...
 }
 if mediaType != expectedType {
- //nolint:goconst //string interpolation
 r.chain.fail("\nexpected \"Content-Type\" header with %q media type,"+
 "\nbut got %q", expectedType, mediaType)
 return false
diff --git a/test/e2e/settings/disable_sync_events.go b/test/e2e/settings/disable_sync_events.go
index 0d55c96e4..033fd9194 100644
--- a/test/e2e/settings/disable_sync_events.go
+++ b/test/e2e/settings/disable_sync_events.go
@@ -44,7 +44,6 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-sync-events", func() {
 return strings.Contains(server, fmt.Sprintf("server_name %v", host))
 })
- //nolint:goconst //string interpolation
 events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host})
 assert.Nil(ginkgo.GinkgoT(), err, "listing events")
diff --git a/test/e2e/settings/enable_real_ip.go b/test/e2e/settings/enable_real_ip.go
index bf16e1ea0..778011b9f 100644
--- a/test/e2e/settings/enable_real_ip.go
+++ b/test/e2e/settings/enable_real_ip.go
@@ -47,7 +47,6 @@ var _ = framework.DescribeSetting("enable-real-ip", func() {
 f.WaitForNginxServer(host,
 func(server string) bool {
- //nolint:goconst //already a const
 return strings.Contains(server, "server_name "+host) &&
 !strings.Contains(server, "proxy_set_header X-Forwarded-Proto $full_x_forwarded_proto;")
 })