Fix lint, extra module, test assertions
This commit is contained in:
Ricardo Katz
parent
d6cc3fd6e1
commit
65c047c3cb
22 changed files with 123 additions and 181 deletions
|
|
@ -133,7 +133,6 @@ func TestSSLPassthrough(t *testing.T) {
|
||||||
ec := NewAnnotationExtractor(mockCfg{})
|
ec := NewAnnotationExtractor(mockCfg{})
|
||||||
ing := buildIngress()
|
ing := buildIngress()
|
||||||
|
|
||||||
//nolint:goconst //already a constant
|
|
||||||
fooAnns := []struct {
|
fooAnns := []struct {
|
||||||
annotations map[string]string
|
annotations map[string]string
|
||||||
er bool
|
er bool
|
||||||
|
|
|
||||||
|
|
@ -49,8 +49,6 @@ var (
|
||||||
|
|
||||||
// IsValidRegex checks if the tested string can be used as a regex, but without any weird character.
|
// IsValidRegex checks if the tested string can be used as a regex, but without any weird character.
|
||||||
// It includes regex characters for paths that may contain regexes
|
// It includes regex characters for paths that may contain regexes
|
||||||
//
|
|
||||||
//nolint:goconst //already a constant
|
|
||||||
var IsValidRegex = regexp.MustCompile("^[/" + alphaNumericChars + regexEnabledChars + "]*$")
|
var IsValidRegex = regexp.MustCompile("^[/" + alphaNumericChars + regexEnabledChars + "]*$")
|
||||||
|
|
||||||
// SizeRegex validates sizes understood by NGINX, like 1000, 100k, 1000M
|
// SizeRegex validates sizes understood by NGINX, like 1000, 100k, 1000M
|
||||||
|
|
|
||||||
|
|
@ -71,6 +71,7 @@ import (
|
||||||
const (
|
const (
|
||||||
tempNginxPattern = "nginx-cfg"
|
tempNginxPattern = "nginx-cfg"
|
||||||
emptyUID = "-1"
|
emptyUID = "-1"
|
||||||
|
goTemplateEngine = "go-template"
|
||||||
)
|
)
|
||||||
|
|
||||||
// NewNGINXController creates a new NGINX Ingress controller.
|
// NewNGINXController creates a new NGINX Ingress controller.
|
||||||
|
|
@ -159,7 +160,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro
|
||||||
}
|
}
|
||||||
|
|
||||||
onTemplateChange := func() {
|
onTemplateChange := func() {
|
||||||
if config.ConfigurationTemplateEngine != "go-template" {
|
if config.ConfigurationTemplateEngine != goTemplateEngine {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
template, err := ngx_template.NewTemplate(nginx.TemplatePath)
|
template, err := ngx_template.NewTemplate(nginx.TemplatePath)
|
||||||
|
|
@ -176,7 +177,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro
|
||||||
|
|
||||||
var ngxTpl ngx_template.Writer
|
var ngxTpl ngx_template.Writer
|
||||||
switch config.ConfigurationTemplateEngine {
|
switch config.ConfigurationTemplateEngine {
|
||||||
case "go-template":
|
case goTemplateEngine:
|
||||||
ngxTpl, err = ngx_template.NewTemplate(nginx.TemplatePath)
|
ngxTpl, err = ngx_template.NewTemplate(nginx.TemplatePath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.Fatalf("Invalid NGINX configuration template: %v", err)
|
klog.Fatalf("Invalid NGINX configuration template: %v", err)
|
||||||
|
|
@ -887,7 +888,7 @@ func (n *NGINXController) configureDynamically(pcfg *ingress.Configuration) erro
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if n.cfg.ConfigurationTemplateEngine == "go-template" {
|
if n.cfg.ConfigurationTemplateEngine == goTemplateEngine {
|
||||||
streamConfigurationChanged := !reflect.DeepEqual(n.runningConfig.TCPEndpoints, pcfg.TCPEndpoints) || !reflect.DeepEqual(n.runningConfig.UDPEndpoints, pcfg.UDPEndpoints)
|
streamConfigurationChanged := !reflect.DeepEqual(n.runningConfig.TCPEndpoints, pcfg.TCPEndpoints) || !reflect.DeepEqual(n.runningConfig.UDPEndpoints, pcfg.UDPEndpoints)
|
||||||
if streamConfigurationChanged {
|
if streamConfigurationChanged {
|
||||||
err := updateStreamConfiguration(pcfg.TCPEndpoints, pcfg.UDPEndpoints)
|
err := updateStreamConfiguration(pcfg.TCPEndpoints, pcfg.UDPEndpoints)
|
||||||
|
|
|
||||||
|
|
@ -124,39 +124,23 @@ func (c *Template) buildAuthLocation(server *ingress.Server,
|
||||||
*/
|
*/
|
||||||
locationDirectives = append(locationDirectives,
|
locationDirectives = append(locationDirectives,
|
||||||
buildDirective("set", "$proxy_upstream_name", location.Backend),
|
buildDirective("set", "$proxy_upstream_name", location.Backend),
|
||||||
|
buildDirective("proxy_pass_request_body", "off"),
|
||||||
|
buildDirective("proxy_ssl_server_name", "on"),
|
||||||
|
buildDirective("proxy_pass_request_headers", "on"),
|
||||||
|
buildDirective("proxy_set_header", "Content-Length", ""),
|
||||||
|
buildDirective("proxy_set_header", "X-Forwarded-Proto", ""),
|
||||||
|
buildDirective("proxy_set_header", "X-Request-ID", "$req_id"),
|
||||||
|
buildDirective("proxy_set_header", "Host", locationConfig.externalAuth.Host),
|
||||||
|
buildDirective("proxy_set_header", "X-Original-URL", "$scheme://$http_host$request_uri"),
|
||||||
|
buildDirective("proxy_set_header", "X-Original-Method", "$request_method"),
|
||||||
|
buildDirective("proxy_set_header", "X-Sent-From", "nginx-ingress-controller"),
|
||||||
|
buildDirective("proxy_set_header", "X-Real-IP", "$remote_addr"),
|
||||||
)
|
)
|
||||||
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_pass_request_body", "off"))
|
|
||||||
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_ssl_server_name", "on"))
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_pass_request_headers", "on"))
|
|
||||||
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "Content-Length", ""))
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "X-Forwarded-Proto", ""))
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "X-Request-ID", "$req_id"))
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "Host", locationConfig.externalAuth.Host))
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "X-Original-URL", "$scheme://$http_host$request_uri"))
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "X-Original-Method", "$request_method"))
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "X-Sent-From", "nginx-ingress-controller"))
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "X-Real-IP", "$remote_addr"))
|
|
||||||
|
|
||||||
if locationConfig.externalAuth.Method != "" {
|
if locationConfig.externalAuth.Method != "" {
|
||||||
locationDirectives = append(locationDirectives,
|
locationDirectives = append(locationDirectives,
|
||||||
buildDirective("proxy_method", locationConfig.externalAuth.Method))
|
buildDirective("proxy_method", locationConfig.externalAuth.Method),
|
||||||
locationDirectives = append(locationDirectives,
|
buildDirective("proxy_set_header", "X-Original-URI", "$request_uri"),
|
||||||
buildDirective("proxy_set_header", "X-Original-URI", "$request_uri"))
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "X-Scheme", "$pass_access_scheme"))
|
buildDirective("proxy_set_header", "X-Scheme", "$pass_access_scheme"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -178,8 +162,7 @@ func (c *Template) buildAuthLocation(server *ingress.Server,
|
||||||
|
|
||||||
if locationConfig.externalAuth.Method != "" {
|
if locationConfig.externalAuth.Method != "" {
|
||||||
locationDirectives = append(locationDirectives,
|
locationDirectives = append(locationDirectives,
|
||||||
buildDirective("proxy_set_header", "X-Original-URI", "$request_uri"))
|
buildDirective("proxy_set_header", "X-Original-URI", "$request_uri"),
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "X-Scheme", "$pass_access_scheme"))
|
buildDirective("proxy_set_header", "X-Scheme", "$pass_access_scheme"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -192,11 +175,10 @@ func (c *Template) buildAuthLocation(server *ingress.Server,
|
||||||
}
|
}
|
||||||
|
|
||||||
locationDirectives = append(locationDirectives,
|
locationDirectives = append(locationDirectives,
|
||||||
buildDirective("proxy_buffer_size", location.Proxy.BufferSize))
|
buildDirective("proxy_buffer_size", location.Proxy.BufferSize),
|
||||||
locationDirectives = append(locationDirectives,
|
buildDirective("proxy_buffers", location.Proxy.BuffersNumber, location.Proxy.BufferSize),
|
||||||
buildDirective("proxy_buffers", location.Proxy.BuffersNumber, location.Proxy.BufferSize))
|
buildDirective("proxy_request_buffering", location.Proxy.RequestBuffering),
|
||||||
locationDirectives = append(locationDirectives,
|
)
|
||||||
buildDirective("proxy_request_buffering", location.Proxy.RequestBuffering))
|
|
||||||
|
|
||||||
if isValidByteSize(location.Proxy.BodySize, true) {
|
if isValidByteSize(location.Proxy.BodySize, true) {
|
||||||
locationDirectives = append(locationDirectives,
|
locationDirectives = append(locationDirectives,
|
||||||
|
|
@ -210,13 +192,10 @@ func (c *Template) buildAuthLocation(server *ingress.Server,
|
||||||
|
|
||||||
if server.CertificateAuth.CAFileName != "" {
|
if server.CertificateAuth.CAFileName != "" {
|
||||||
locationDirectives = append(locationDirectives,
|
locationDirectives = append(locationDirectives,
|
||||||
buildDirective("proxy_set_header", "ssl-client-verify", "$ssl_client_verify"))
|
buildDirective("proxy_set_header", "ssl-client-verify", "$ssl_client_verify"),
|
||||||
|
buildDirective("proxy_set_header", "ssl-client-subject-dn", "$ssl_client_s_dn"),
|
||||||
locationDirectives = append(locationDirectives,
|
buildDirective("proxy_set_header", "ssl-client-issuer-dn", "$ssl_client_i_dn"),
|
||||||
buildDirective("proxy_set_header", "ssl-client-subject-dn", "$ssl_client_s_dn"))
|
)
|
||||||
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("proxy_set_header", "ssl-client-issuer-dn", "$ssl_client_i_dn"))
|
|
||||||
|
|
||||||
if server.CertificateAuth.PassCertToUpstream {
|
if server.CertificateAuth.PassCertToUpstream {
|
||||||
locationDirectives = append(locationDirectives,
|
locationDirectives = append(locationDirectives,
|
||||||
|
|
@ -231,16 +210,13 @@ func (c *Template) buildAuthLocation(server *ingress.Server,
|
||||||
|
|
||||||
if locationConfig.applyAuthUpstream && locationConfig.applyGlobalAuth {
|
if locationConfig.applyAuthUpstream && locationConfig.applyGlobalAuth {
|
||||||
locationDirectives = append(locationDirectives,
|
locationDirectives = append(locationDirectives,
|
||||||
buildDirective("proxy_http_version", "1.1"))
|
buildDirective("proxy_http_version", "1.1"),
|
||||||
locationDirectives = append(locationDirectives,
|
buildDirective("proxy_set_header", "Connection", ""),
|
||||||
buildDirective("proxy_set_header", "Connection", ""))
|
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("set", "$target",
|
buildDirective("set", "$target",
|
||||||
changeHostPort(locationConfig.externalAuth.URL, buildAuthUpstreamName(location, server.Hostname))))
|
changeHostPort(locationConfig.externalAuth.URL, buildAuthUpstreamName(location, server.Hostname))))
|
||||||
} else {
|
} else {
|
||||||
locationDirectives = append(locationDirectives,
|
locationDirectives = append(locationDirectives,
|
||||||
buildDirective("proxy_http_version", location.Proxy.ProxyHTTPVersion))
|
buildDirective("proxy_http_version", location.Proxy.ProxyHTTPVersion),
|
||||||
locationDirectives = append(locationDirectives,
|
|
||||||
buildDirective("set", "$target", locationConfig.externalAuth.URL))
|
buildDirective("set", "$target", locationConfig.externalAuth.URL))
|
||||||
}
|
}
|
||||||
locationDirectives = append(locationDirectives,
|
locationDirectives = append(locationDirectives,
|
||||||
|
|
|
||||||
|
|
@ -35,12 +35,10 @@ func buildCorsDirectives(locationcors cors.Config) ngx_crossplane.Directives {
|
||||||
buildDirective("set", "$cors", "${cors}options"),
|
buildDirective("set", "$cors", "${cors}options"),
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
)
|
|
||||||
|
|
||||||
directives = append(directives,
|
|
||||||
commonCorsDirective(locationcors, false),
|
commonCorsDirective(locationcors, false),
|
||||||
commonCorsDirective(locationcors, true),
|
commonCorsDirective(locationcors, true),
|
||||||
)
|
)
|
||||||
|
|
||||||
return directives
|
return directives
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -87,12 +87,12 @@ func TestCrossplaneTemplate(t *testing.T) {
|
||||||
ngx_crossplane.MatchHeadersMoreLatest,
|
ngx_crossplane.MatchHeadersMoreLatest,
|
||||||
extramodules.BrotliMatchFn,
|
extramodules.BrotliMatchFn,
|
||||||
extramodules.OpentelemetryMatchFn,
|
extramodules.OpentelemetryMatchFn,
|
||||||
|
extramodules.SetMiscMatchFn,
|
||||||
ngx_crossplane.MatchGeoip2Latest,
|
ngx_crossplane.MatchGeoip2Latest,
|
||||||
},
|
},
|
||||||
LexOptions: ngx_crossplane.LexOptions{
|
LexOptions: ngx_crossplane.LexOptions{
|
||||||
Lexers: []ngx_crossplane.RegisterLexer{lua.RegisterLexer()},
|
Lexers: []ngx_crossplane.RegisterLexer{lua.RegisterLexer()},
|
||||||
},
|
},
|
||||||
IgnoreDirectives: []string{"set_escape_uri"},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
mimeFile, err := os.CreateTemp("", "")
|
mimeFile, err := os.CreateTemp("", "")
|
||||||
|
|
|
||||||
|
|
@ -22,8 +22,6 @@ limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
// This file is an extraction from https://github.com/nginxinc/nginx-go-crossplane/blob/main/analyze.go
|
// This file is an extraction from https://github.com/nginxinc/nginx-go-crossplane/blob/main/analyze.go
|
||||||
//
|
|
||||||
//nolint:unused
|
|
||||||
package extramodules
|
package extramodules
|
||||||
|
|
||||||
// bit masks for different directive argument styles.
|
// bit masks for different directive argument styles.
|
||||||
|
|
|
||||||
|
|
@ -14,48 +14,18 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
// Code generated by generator; DO NOT EDIT.
|
// As opposite to the other files, this wasn't auto generated but hand crafted.
|
||||||
// All the definitions are extracted from the source code
|
// Please do not change it
|
||||||
// Each bit mask describes these behaviors:
|
|
||||||
// - how many arguments the directive can take
|
|
||||||
// - whether or not it is a block directive
|
|
||||||
// - whether this is a flag (takes one argument that's either "on" or "off")
|
|
||||||
// - which contexts it's allowed to be in
|
|
||||||
|
|
||||||
package extramodules
|
package extramodules
|
||||||
|
|
||||||
var setMiscDirectives = map[string][]uint{
|
var setMiscDirectives = map[string][]uint{
|
||||||
"set_base32_alphabet": {
|
"set_escape_uri": {
|
||||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake1,
|
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake12,
|
||||||
},
|
},
|
||||||
"set_base32_padding": {
|
|
||||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfFlag,
|
|
||||||
},
|
|
||||||
"set_decode_base32": {
|
|
||||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake12,
|
|
||||||
},
|
|
||||||
"set_encode_base32": {
|
|
||||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake12,
|
|
||||||
},
|
|
||||||
"set_formatted_gmt_time": {
|
|
||||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake2,
|
|
||||||
},
|
|
||||||
"set_formatted_local_time": {
|
|
||||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake2,
|
|
||||||
},
|
|
||||||
"set_hashed_upstream": {
|
|
||||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake3,
|
|
||||||
},
|
|
||||||
"set_local_today": {
|
|
||||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake1,
|
|
||||||
},
|
|
||||||
"set_misc_base32_padding": {
|
|
||||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfFlag,
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
func SetMiscMatchFn(directive string) ([]uint, bool) {
|
func SetMiscMatchFn(directive string) ([]uint, bool) {
|
||||||
m, ok := setMiscDirectives[directive]
|
m, ok := setMiscDirectives[directive]
|
||||||
return m, ok
|
return m, ok
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -113,8 +113,10 @@ func (c *Template) buildHTTP() {
|
||||||
|
|
||||||
// HTTP2 Configuration
|
// HTTP2 Configuration
|
||||||
if cfg.HTTP2MaxHeaderSize != "" && cfg.HTTP2MaxFieldSize != "" {
|
if cfg.HTTP2MaxHeaderSize != "" && cfg.HTTP2MaxFieldSize != "" {
|
||||||
httpBlock = append(httpBlock, buildDirective("http2_max_field_size", cfg.HTTP2MaxFieldSize))
|
httpBlock = append(httpBlock,
|
||||||
httpBlock = append(httpBlock, buildDirective("http2_max_header_size", cfg.HTTP2MaxHeaderSize))
|
buildDirective("http2_max_field_size", cfg.HTTP2MaxFieldSize),
|
||||||
|
buildDirective("http2_max_header_size", cfg.HTTP2MaxHeaderSize),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.HTTP2MaxRequests > 0 {
|
if cfg.HTTP2MaxRequests > 0 {
|
||||||
|
|
@ -122,13 +124,15 @@ func (c *Template) buildHTTP() {
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.UseGzip {
|
if cfg.UseGzip {
|
||||||
httpBlock = append(httpBlock, buildDirective("gzip", "on"))
|
httpBlock = append(httpBlock,
|
||||||
httpBlock = append(httpBlock, buildDirective("gzip_comp_level", cfg.GzipLevel))
|
buildDirective("gzip", "on"),
|
||||||
httpBlock = append(httpBlock, buildDirective("gzip_http_version", "1.1"))
|
buildDirective("gzip_comp_level", cfg.GzipLevel),
|
||||||
httpBlock = append(httpBlock, buildDirective("gzip_min_length", cfg.GzipMinLength))
|
buildDirective("gzip_http_version", "1.1"),
|
||||||
httpBlock = append(httpBlock, buildDirective("gzip_types", strings.Split(cfg.GzipTypes, " ")))
|
buildDirective("gzip_min_length", cfg.GzipMinLength),
|
||||||
httpBlock = append(httpBlock, buildDirective("gzip_proxied", "any"))
|
buildDirective("gzip_types", strings.Split(cfg.GzipTypes, " ")),
|
||||||
httpBlock = append(httpBlock, buildDirective("gzip_vary", "on"))
|
buildDirective("gzip_proxied", "any"),
|
||||||
|
buildDirective("gzip_vary", "on"),
|
||||||
|
)
|
||||||
|
|
||||||
if cfg.GzipDisable != "" {
|
if cfg.GzipDisable != "" {
|
||||||
httpBlock = append(httpBlock, buildDirective("gzip_disable", strings.Split(cfg.GzipDisable, " ")))
|
httpBlock = append(httpBlock, buildDirective("gzip_disable", strings.Split(cfg.GzipDisable, " ")))
|
||||||
|
|
@ -346,29 +350,9 @@ func (c *Template) buildHTTP() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
{{ range $server := $servers }}
|
|
||||||
{{ range $location := $server.Locations }}
|
|
||||||
{{ $applyGlobalAuth := shouldApplyGlobalAuth $location $all.Cfg.GlobalExternalAuth.URL }}
|
|
||||||
{{ $applyAuthUpstream := shouldApplyAuthUpstream $location $all.Cfg }}
|
|
||||||
{{ if and (eq $applyAuthUpstream true) (eq $applyGlobalAuth false) }}
|
|
||||||
## start auth upstream {{ $server.Hostname }}{{ $location.Path }}
|
|
||||||
upstream {{ buildAuthUpstreamName $location $server.Hostname }} {
|
|
||||||
{{- $externalAuth := $location.ExternalAuth }}
|
|
||||||
server {{ extractHostPort $externalAuth.URL }};
|
|
||||||
|
|
||||||
keepalive {{ $externalAuth.KeepaliveConnections }};
|
|
||||||
keepalive_requests {{ $externalAuth.KeepaliveRequests }};
|
|
||||||
keepalive_timeout {{ $externalAuth.KeepaliveTimeout }}s;
|
|
||||||
}
|
|
||||||
## end auth upstream {{ $server.Hostname }}{{ $location.Path }}
|
|
||||||
{{ end }}
|
|
||||||
{{ end }}
|
|
||||||
{{ end }}
|
|
||||||
*/
|
|
||||||
for _, server := range c.tplConfig.Servers {
|
for _, server := range c.tplConfig.Servers {
|
||||||
for _, location := range server.Locations {
|
for _, location := range server.Locations {
|
||||||
if shouldApplyAuthUpstream(location, cfg) && !shouldApplyGlobalAuth(location, cfg.GlobalExternalAuth.URL) {
|
if shouldApplyAuthUpstream(location, &cfg) && !shouldApplyGlobalAuth(location, cfg.GlobalExternalAuth.URL) {
|
||||||
authUpstreamBlock := buildBlockDirective("upstream",
|
authUpstreamBlock := buildBlockDirective("upstream",
|
||||||
[]string{buildAuthUpstreamName(location, server.Hostname)}, ngx_crossplane.Directives{
|
[]string{buildAuthUpstreamName(location, server.Hostname)}, ngx_crossplane.Directives{
|
||||||
buildDirective("server", extractHostPort(location.ExternalAuth.URL)),
|
buildDirective("server", extractHostPort(location.ExternalAuth.URL)),
|
||||||
|
|
@ -387,14 +371,17 @@ func (c *Template) buildHTTP() {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, server := range c.tplConfig.Servers {
|
for _, server := range c.tplConfig.Servers {
|
||||||
httpBlock = append(httpBlock, buildStartServer(server.Hostname))
|
httpBlock = append(httpBlock,
|
||||||
serverBlock := c.buildServerDirective(server)
|
buildStartServer(server.Hostname),
|
||||||
httpBlock = append(httpBlock, serverBlock)
|
c.buildServerDirective(server),
|
||||||
httpBlock = append(httpBlock, buildEndServer(server.Hostname))
|
buildEndServer(server.Hostname),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
httpBlock = append(httpBlock, c.buildDefaultBackend())
|
httpBlock = append(httpBlock,
|
||||||
httpBlock = append(httpBlock, c.buildHealthAndStatsServer())
|
c.buildDefaultBackend(),
|
||||||
|
c.buildHealthAndStatsServer(),
|
||||||
|
)
|
||||||
|
|
||||||
c.config.Parsed = append(c.config.Parsed, &ngx_crossplane.Directive{
|
c.config.Parsed = append(c.config.Parsed, &ngx_crossplane.Directive{
|
||||||
Directive: "http",
|
Directive: "http",
|
||||||
|
|
|
||||||
|
|
@ -173,7 +173,7 @@ func (c *Template) buildServerLocations(server *ingress.Server, locations []*ing
|
||||||
proxySetHeader: getProxySetHeader(location),
|
proxySetHeader: getProxySetHeader(location),
|
||||||
authPath: buildAuthLocation(location, cfg.GlobalExternalAuth.URL),
|
authPath: buildAuthLocation(location, cfg.GlobalExternalAuth.URL),
|
||||||
applyGlobalAuth: shouldApplyGlobalAuth(location, cfg.GlobalExternalAuth.URL),
|
applyGlobalAuth: shouldApplyGlobalAuth(location, cfg.GlobalExternalAuth.URL),
|
||||||
applyAuthUpstream: shouldApplyAuthUpstream(location, cfg),
|
applyAuthUpstream: shouldApplyAuthUpstream(location, &cfg),
|
||||||
externalAuth: &externalAuth{},
|
externalAuth: &externalAuth{},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -236,7 +236,7 @@ func (c *Template) buildLocation(server *ingress.Server,
|
||||||
buildDirective("set", "$location_path", strings.ReplaceAll(ing.Path, `$`, `${literal_dollar}`)),
|
buildDirective("set", "$location_path", strings.ReplaceAll(ing.Path, `$`, `${literal_dollar}`)),
|
||||||
}
|
}
|
||||||
|
|
||||||
locationDirectives = append(locationDirectives, locationConfigForLua(location, *c.tplConfig)...)
|
locationDirectives = append(locationDirectives, locationConfigForLua(location, c.tplConfig)...)
|
||||||
locationDirectives = append(locationDirectives, buildCertificateDirectives(location)...)
|
locationDirectives = append(locationDirectives, buildCertificateDirectives(location)...)
|
||||||
|
|
||||||
if cfg.Cfg.UseProxyProtocol {
|
if cfg.Cfg.UseProxyProtocol {
|
||||||
|
|
@ -648,7 +648,7 @@ func buildRateLimit(loc *ingress.Location) ngx_crossplane.Directives {
|
||||||
}
|
}
|
||||||
|
|
||||||
// locationConfigForLua formats some location specific configuration into Lua table represented as string
|
// locationConfigForLua formats some location specific configuration into Lua table represented as string
|
||||||
func locationConfigForLua(location *ingress.Location, all config.TemplateConfig) ngx_crossplane.Directives {
|
func locationConfigForLua(location *ingress.Location, all *config.TemplateConfig) ngx_crossplane.Directives {
|
||||||
/* Lua expects the following vars
|
/* Lua expects the following vars
|
||||||
force_ssl_redirect = string_to_bool(ngx.var.force_ssl_redirect),
|
force_ssl_redirect = string_to_bool(ngx.var.force_ssl_redirect),
|
||||||
ssl_redirect = string_to_bool(ngx.var.ssl_redirect),
|
ssl_redirect = string_to_bool(ngx.var.ssl_redirect),
|
||||||
|
|
|
||||||
|
|
@ -56,7 +56,6 @@ func (c *Template) buildServerDirective(server *ingress.Server) *ngx_crossplane.
|
||||||
if server.AuthTLSError != "" {
|
if server.AuthTLSError != "" {
|
||||||
serverBlock = append(serverBlock, buildDirective("return", 403))
|
serverBlock = append(serverBlock, buildDirective("return", 403))
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
serverBlock = append(serverBlock, c.buildCertificateDirectives(server)...)
|
serverBlock = append(serverBlock, c.buildCertificateDirectives(server)...)
|
||||||
serverBlock = append(serverBlock, buildCustomErrorLocationsPerServer(server, c.tplConfig.EnableMetrics)...)
|
serverBlock = append(serverBlock, buildCustomErrorLocationsPerServer(server, c.tplConfig.EnableMetrics)...)
|
||||||
serverBlock = append(serverBlock, buildMirrorLocationDirective(server.Locations)...)
|
serverBlock = append(serverBlock, buildMirrorLocationDirective(server.Locations)...)
|
||||||
|
|
@ -119,9 +118,10 @@ func (c *Template) buildCertificateDirectives(server *ingress.Server) ngx_crossp
|
||||||
|
|
||||||
if server.CertificateAuth.CAFileName != "" {
|
if server.CertificateAuth.CAFileName != "" {
|
||||||
certAuth := server.CertificateAuth
|
certAuth := server.CertificateAuth
|
||||||
certDirectives = append(certDirectives, buildDirective("ssl_client_certificate", certAuth.CAFileName))
|
certDirectives = append(certDirectives,
|
||||||
certDirectives = append(certDirectives, buildDirective("ssl_verify_client", certAuth.VerifyClient))
|
buildDirective("ssl_client_certificate", certAuth.CAFileName),
|
||||||
certDirectives = append(certDirectives, buildDirective("ssl_verify_depth", certAuth.ValidationDepth))
|
buildDirective("ssl_verify_client", certAuth.VerifyClient),
|
||||||
|
buildDirective("ssl_verify_depth", certAuth.ValidationDepth))
|
||||||
if certAuth.CRLFileName != "" {
|
if certAuth.CRLFileName != "" {
|
||||||
certDirectives = append(certDirectives, buildDirective("ssl_crl", certAuth.CRLFileName))
|
certDirectives = append(certDirectives, buildDirective("ssl_crl", certAuth.CRLFileName))
|
||||||
}
|
}
|
||||||
|
|
@ -132,19 +132,22 @@ func (c *Template) buildCertificateDirectives(server *ingress.Server) ngx_crossp
|
||||||
|
|
||||||
prxSSL := server.ProxySSL
|
prxSSL := server.ProxySSL
|
||||||
if prxSSL.CAFileName != "" {
|
if prxSSL.CAFileName != "" {
|
||||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_trusted_certificate", prxSSL.CAFileName))
|
certDirectives = append(certDirectives, buildDirective("proxy_ssl_trusted_certificate", prxSSL.CAFileName),
|
||||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_ciphers", prxSSL.Ciphers))
|
buildDirective("proxy_ssl_ciphers", prxSSL.Ciphers),
|
||||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_protocols", strings.Split(prxSSL.Protocols, " ")))
|
buildDirective("proxy_ssl_protocols", strings.Split(prxSSL.Protocols, " ")),
|
||||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_verify", prxSSL.Verify))
|
buildDirective("proxy_ssl_verify", prxSSL.Verify),
|
||||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_verify_depth", prxSSL.VerifyDepth))
|
buildDirective("proxy_ssl_verify_depth", prxSSL.VerifyDepth),
|
||||||
|
)
|
||||||
if prxSSL.ProxySSLName != "" {
|
if prxSSL.ProxySSLName != "" {
|
||||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_name", prxSSL.ProxySSLName))
|
certDirectives = append(certDirectives,
|
||||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_server_name", prxSSL.ProxySSLServerName))
|
buildDirective("proxy_ssl_name", prxSSL.ProxySSLName),
|
||||||
|
buildDirective("proxy_ssl_server_name", prxSSL.ProxySSLServerName))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if prxSSL.PemFileName != "" {
|
if prxSSL.PemFileName != "" {
|
||||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_certificate", prxSSL.PemFileName))
|
certDirectives = append(certDirectives,
|
||||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_certificate_key", prxSSL.PemFileName))
|
buildDirective("proxy_ssl_certificate", prxSSL.PemFileName),
|
||||||
|
buildDirective("proxy_ssl_certificate_key", prxSSL.PemFileName))
|
||||||
}
|
}
|
||||||
if server.SSLCiphers != "" {
|
if server.SSLCiphers != "" {
|
||||||
certDirectives = append(certDirectives, buildDirective("ssl_ciphers", server.SSLCiphers))
|
certDirectives = append(certDirectives, buildDirective("ssl_ciphers", server.SSLCiphers))
|
||||||
|
|
@ -191,11 +194,12 @@ func (c *Template) buildDefaultBackend() *ngx_crossplane.Directive {
|
||||||
fmt.Sprintf("backlog=%d", c.tplConfig.BacklogSize),
|
fmt.Sprintf("backlog=%d", c.tplConfig.BacklogSize),
|
||||||
))
|
))
|
||||||
}
|
}
|
||||||
serverBlock = append(serverBlock, buildDirective("set", "$proxy_upstream_name", "internal"))
|
serverBlock = append(serverBlock,
|
||||||
serverBlock = append(serverBlock, buildDirective("access_log", "off"))
|
buildDirective("set", "$proxy_upstream_name", "internal"),
|
||||||
serverBlock = append(serverBlock, buildBlockDirective("location", []string{"/"}, ngx_crossplane.Directives{
|
buildDirective("access_log", "off"),
|
||||||
buildDirective("return", "404"),
|
buildBlockDirective("location", []string{"/"}, ngx_crossplane.Directives{
|
||||||
}))
|
buildDirective("return", "404"),
|
||||||
|
}))
|
||||||
|
|
||||||
return &ngx_crossplane.Directive{
|
return &ngx_crossplane.Directive{
|
||||||
Directive: "server",
|
Directive: "server",
|
||||||
|
|
@ -228,8 +232,8 @@ func (c *Template) buildHealthAndStatsServer() *ngx_crossplane.Directive {
|
||||||
buildBlockDirective(
|
buildBlockDirective(
|
||||||
"location",
|
"location",
|
||||||
[]string{"/configuration"}, ngx_crossplane.Directives{
|
[]string{"/configuration"}, ngx_crossplane.Directives{
|
||||||
buildDirective("client_max_body_size", luaConfigurationRequestBodySize(c.tplConfig.Cfg)),
|
buildDirective("client_max_body_size", luaConfigurationRequestBodySize(&c.tplConfig.Cfg)),
|
||||||
buildDirective("client_body_buffer_size", luaConfigurationRequestBodySize(c.tplConfig.Cfg)),
|
buildDirective("client_body_buffer_size", luaConfigurationRequestBodySize(&c.tplConfig.Cfg)),
|
||||||
buildDirective("proxy_buffering", "off"),
|
buildDirective("proxy_buffering", "off"),
|
||||||
buildDirective("content_by_lua_file", "/etc/nginx/lua/nginx/ngx_conf_configuration.lua"),
|
buildDirective("content_by_lua_file", "/etc/nginx/lua/nginx/ngx_conf_configuration.lua"),
|
||||||
}),
|
}),
|
||||||
|
|
|
||||||
|
|
@ -289,7 +289,7 @@ func httpListener(addresses []string, co []string, tc *config.TemplateConfig, ss
|
||||||
return listeners
|
return listeners
|
||||||
}
|
}
|
||||||
|
|
||||||
func luaConfigurationRequestBodySize(cfg config.Configuration) string {
|
func luaConfigurationRequestBodySize(cfg *config.Configuration) string {
|
||||||
size := cfg.LuaSharedDicts["configuration_data"]
|
size := cfg.LuaSharedDicts["configuration_data"]
|
||||||
if size < cfg.LuaSharedDicts["certificate_data"] {
|
if size < cfg.LuaSharedDicts["certificate_data"] {
|
||||||
size = cfg.LuaSharedDicts["certificate_data"]
|
size = cfg.LuaSharedDicts["certificate_data"]
|
||||||
|
|
@ -347,7 +347,7 @@ func shouldApplyGlobalAuth(location *ingress.Location, globalExternalAuthURL str
|
||||||
|
|
||||||
// shouldApplyAuthUpstream returns true only in case when ExternalAuth.URL and
|
// shouldApplyAuthUpstream returns true only in case when ExternalAuth.URL and
|
||||||
// ExternalAuth.KeepaliveConnections are all set
|
// ExternalAuth.KeepaliveConnections are all set
|
||||||
func shouldApplyAuthUpstream(location *ingress.Location, cfg config.Configuration) bool {
|
func shouldApplyAuthUpstream(location *ingress.Location, cfg *config.Configuration) bool {
|
||||||
if location.ExternalAuth.URL == "" || location.ExternalAuth.KeepaliveConnections == 0 {
|
if location.ExternalAuth.URL == "" || location.ExternalAuth.KeepaliveConnections == 0 {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -58,7 +58,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
f.HTTPTestClient().
|
f.HTTPTestClient().
|
||||||
|
|
@ -80,7 +81,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
f.HTTPTestClient().
|
f.HTTPTestClient().
|
||||||
|
|
@ -115,7 +117,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
f.HTTPTestClient().
|
f.HTTPTestClient().
|
||||||
|
|
@ -181,7 +184,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
f.HTTPTestClient().
|
f.HTTPTestClient().
|
||||||
|
|
@ -212,7 +216,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
local, err := time.LoadLocation("GMT")
|
local, err := time.LoadLocation("GMT")
|
||||||
|
|
@ -243,7 +248,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
f.HTTPTestClient().
|
f.HTTPTestClient().
|
||||||
|
|
@ -265,7 +271,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
f.HTTPTestClient().
|
f.HTTPTestClient().
|
||||||
|
|
@ -289,7 +296,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
f.HTTPTestClient().
|
f.HTTPTestClient().
|
||||||
|
|
@ -312,7 +320,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
f.HTTPTestClient().
|
f.HTTPTestClient().
|
||||||
|
|
@ -431,7 +440,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
f.HTTPTestClient().
|
f.HTTPTestClient().
|
||||||
|
|
@ -454,7 +464,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
f.HTTPTestClient().
|
f.HTTPTestClient().
|
||||||
|
|
@ -476,7 +487,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) &&
|
return (strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))) &&
|
||||||
strings.Contains(server, "listen 443")
|
strings.Contains(server, "listen 443")
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -56,7 +56,8 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
// Check configuration
|
// Check configuration
|
||||||
|
|
@ -89,7 +90,8 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
// Check configuration
|
// Check configuration
|
||||||
|
|
|
||||||
|
|
@ -419,7 +419,6 @@ http {
|
||||||
f.EnsureIngress(ing2)
|
f.EnsureIngress(ing2)
|
||||||
|
|
||||||
f.WaitForNginxServer(host, func(server string) bool {
|
f.WaitForNginxServer(host, func(server string) bool {
|
||||||
//nolint:goconst //server_name is a constant
|
|
||||||
return strings.Contains(server, "server_name "+host)
|
return strings.Contains(server, "server_name "+host)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -106,7 +106,6 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
|
||||||
return strings.Contains(server, "grpc_pass grpc://upstream_balancer;")
|
return strings.Contains(server, "grpc_pass grpc://upstream_balancer;")
|
||||||
})
|
})
|
||||||
|
|
||||||
//nolint:goconst //string interpolation
|
|
||||||
conn, err := grpc.NewClient(f.GetNginxIP()+":443",
|
conn, err := grpc.NewClient(f.GetNginxIP()+":443",
|
||||||
grpc.WithTransportCredentials(
|
grpc.WithTransportCredentials(
|
||||||
credentials.NewTLS(&tls.Config{
|
credentials.NewTLS(&tls.Config{
|
||||||
|
|
|
||||||
|
|
@ -41,7 +41,8 @@ var _ = framework.DescribeAnnotation("Annotation - limit-connections", func() {
|
||||||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.SlowEchoService, 80, nil)
|
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.SlowEchoService, 80, nil)
|
||||||
f.EnsureIngress(ing)
|
f.EnsureIngress(ing)
|
||||||
f.WaitForNginxServer(host, func(server string) bool {
|
f.WaitForNginxServer(host, func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
// limit connections
|
// limit connections
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,8 @@ func startIngress(f *framework.Framework, annotations map[string]string) map[str
|
||||||
f.EnsureIngress(ing)
|
f.EnsureIngress(ing)
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||||
|
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
|
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
|
||||||
|
|
|
||||||
|
|
@ -321,7 +321,7 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b
|
||||||
if name == "" {
|
if name == "" {
|
||||||
cmd = "cat /etc/nginx/nginx.conf"
|
cmd = "cat /etc/nginx/nginx.conf"
|
||||||
} else {
|
} else {
|
||||||
cmd = fmt.Sprintf("cat /etc/nginx/nginx.conf | awk '/## start server %s;/,/## end server %s;/'", name, name)
|
cmd = fmt.Sprintf("cat /etc/nginx/nginx.conf | awk '/## start server %s/,/## end server %s/'", name, name)
|
||||||
}
|
}
|
||||||
|
|
||||||
o, err := f.ExecCommand(f.pod, cmd)
|
o, err := f.ExecCommand(f.pod, cmd)
|
||||||
|
|
|
||||||
|
|
@ -234,7 +234,6 @@ func (r *HTTPResponse) checkContentType(expectedType string, expectedCharset ...
|
||||||
}
|
}
|
||||||
|
|
||||||
if mediaType != expectedType {
|
if mediaType != expectedType {
|
||||||
//nolint:goconst //string interpolation
|
|
||||||
r.chain.fail("\nexpected \"Content-Type\" header with %q media type,"+
|
r.chain.fail("\nexpected \"Content-Type\" header with %q media type,"+
|
||||||
"\nbut got %q", expectedType, mediaType)
|
"\nbut got %q", expectedType, mediaType)
|
||||||
return false
|
return false
|
||||||
|
|
|
||||||
|
|
@ -44,7 +44,6 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-sync-events", func() {
|
||||||
return strings.Contains(server, fmt.Sprintf("server_name %v", host))
|
return strings.Contains(server, fmt.Sprintf("server_name %v", host))
|
||||||
})
|
})
|
||||||
|
|
||||||
//nolint:goconst //string interpolation
|
|
||||||
events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host})
|
events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host})
|
||||||
assert.Nil(ginkgo.GinkgoT(), err, "listing events")
|
assert.Nil(ginkgo.GinkgoT(), err, "listing events")
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -47,7 +47,6 @@ var _ = framework.DescribeSetting("enable-real-ip", func() {
|
||||||
|
|
||||||
f.WaitForNginxServer(host,
|
f.WaitForNginxServer(host,
|
||||||
func(server string) bool {
|
func(server string) bool {
|
||||||
//nolint:goconst //already a const
|
|
||||||
return strings.Contains(server, "server_name "+host) &&
|
return strings.Contains(server, "server_name "+host) &&
|
||||||
!strings.Contains(server, "proxy_set_header X-Forwarded-Proto $full_x_forwarded_proto;")
|
!strings.Contains(server, "proxy_set_header X-Forwarded-Proto $full_x_forwarded_proto;")
|
||||||
})
|
})
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue