Fix lint, extra module, test assertions
parent
d6cc3fd6e1
commit
65c047c3cb
22 changed files with 123 additions and 181 deletions
|
@ -133,7 +133,6 @@ func TestSSLPassthrough(t *testing.T) {
|
|||
ec := NewAnnotationExtractor(mockCfg{})
|
||||
ing := buildIngress()
|
||||
|
||||
//nolint:goconst //already a constant
|
||||
fooAnns := []struct {
|
||||
annotations map[string]string
|
||||
er bool
|
||||
|
|
|
@ -49,8 +49,6 @@ var (
|
|||
|
||||
// IsValidRegex checks if the tested string can be used as a regex, but without any weird character.
|
||||
// It includes regex characters for paths that may contain regexes
|
||||
//
|
||||
//nolint:goconst //already a constant
|
||||
var IsValidRegex = regexp.MustCompile("^[/" + alphaNumericChars + regexEnabledChars + "]*$")
|
||||
|
||||
// SizeRegex validates sizes understood by NGINX, like 1000, 100k, 1000M
|
||||
|
|
|
@ -71,6 +71,7 @@ import (
|
|||
const (
|
||||
tempNginxPattern = "nginx-cfg"
|
||||
emptyUID = "-1"
|
||||
goTemplateEngine = "go-template"
|
||||
)
|
||||
|
||||
// NewNGINXController creates a new NGINX Ingress controller.
|
||||
|
@ -159,7 +160,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro
|
|||
}
|
||||
|
||||
onTemplateChange := func() {
|
||||
if config.ConfigurationTemplateEngine != "go-template" {
|
||||
if config.ConfigurationTemplateEngine != goTemplateEngine {
|
||||
return
|
||||
}
|
||||
template, err := ngx_template.NewTemplate(nginx.TemplatePath)
|
||||
|
@ -176,7 +177,7 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro
|
|||
|
||||
var ngxTpl ngx_template.Writer
|
||||
switch config.ConfigurationTemplateEngine {
|
||||
case "go-template":
|
||||
case goTemplateEngine:
|
||||
ngxTpl, err = ngx_template.NewTemplate(nginx.TemplatePath)
|
||||
if err != nil {
|
||||
klog.Fatalf("Invalid NGINX configuration template: %v", err)
|
||||
|
@ -887,7 +888,7 @@ func (n *NGINXController) configureDynamically(pcfg *ingress.Configuration) erro
|
|||
}
|
||||
}
|
||||
|
||||
if n.cfg.ConfigurationTemplateEngine == "go-template" {
|
||||
if n.cfg.ConfigurationTemplateEngine == goTemplateEngine {
|
||||
streamConfigurationChanged := !reflect.DeepEqual(n.runningConfig.TCPEndpoints, pcfg.TCPEndpoints) || !reflect.DeepEqual(n.runningConfig.UDPEndpoints, pcfg.UDPEndpoints)
|
||||
if streamConfigurationChanged {
|
||||
err := updateStreamConfiguration(pcfg.TCPEndpoints, pcfg.UDPEndpoints)
|
||||
|
|
|
@ -124,39 +124,23 @@ func (c *Template) buildAuthLocation(server *ingress.Server,
|
|||
*/
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("set", "$proxy_upstream_name", location.Backend),
|
||||
buildDirective("proxy_pass_request_body", "off"),
|
||||
buildDirective("proxy_ssl_server_name", "on"),
|
||||
buildDirective("proxy_pass_request_headers", "on"),
|
||||
buildDirective("proxy_set_header", "Content-Length", ""),
|
||||
buildDirective("proxy_set_header", "X-Forwarded-Proto", ""),
|
||||
buildDirective("proxy_set_header", "X-Request-ID", "$req_id"),
|
||||
buildDirective("proxy_set_header", "Host", locationConfig.externalAuth.Host),
|
||||
buildDirective("proxy_set_header", "X-Original-URL", "$scheme://$http_host$request_uri"),
|
||||
buildDirective("proxy_set_header", "X-Original-Method", "$request_method"),
|
||||
buildDirective("proxy_set_header", "X-Sent-From", "nginx-ingress-controller"),
|
||||
buildDirective("proxy_set_header", "X-Real-IP", "$remote_addr"),
|
||||
)
|
||||
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_pass_request_body", "off"))
|
||||
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_ssl_server_name", "on"))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_pass_request_headers", "on"))
|
||||
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "Content-Length", ""))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "X-Forwarded-Proto", ""))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "X-Request-ID", "$req_id"))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "Host", locationConfig.externalAuth.Host))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "X-Original-URL", "$scheme://$http_host$request_uri"))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "X-Original-Method", "$request_method"))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "X-Sent-From", "nginx-ingress-controller"))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "X-Real-IP", "$remote_addr"))
|
||||
|
||||
if locationConfig.externalAuth.Method != "" {
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_method", locationConfig.externalAuth.Method))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "X-Original-URI", "$request_uri"))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_method", locationConfig.externalAuth.Method),
|
||||
buildDirective("proxy_set_header", "X-Original-URI", "$request_uri"),
|
||||
buildDirective("proxy_set_header", "X-Scheme", "$pass_access_scheme"))
|
||||
}
|
||||
|
||||
|
@ -178,8 +162,7 @@ func (c *Template) buildAuthLocation(server *ingress.Server,
|
|||
|
||||
if locationConfig.externalAuth.Method != "" {
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "X-Original-URI", "$request_uri"))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "X-Original-URI", "$request_uri"),
|
||||
buildDirective("proxy_set_header", "X-Scheme", "$pass_access_scheme"))
|
||||
}
|
||||
|
||||
|
@ -192,11 +175,10 @@ func (c *Template) buildAuthLocation(server *ingress.Server,
|
|||
}
|
||||
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_buffer_size", location.Proxy.BufferSize))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_buffers", location.Proxy.BuffersNumber, location.Proxy.BufferSize))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_request_buffering", location.Proxy.RequestBuffering))
|
||||
buildDirective("proxy_buffer_size", location.Proxy.BufferSize),
|
||||
buildDirective("proxy_buffers", location.Proxy.BuffersNumber, location.Proxy.BufferSize),
|
||||
buildDirective("proxy_request_buffering", location.Proxy.RequestBuffering),
|
||||
)
|
||||
|
||||
if isValidByteSize(location.Proxy.BodySize, true) {
|
||||
locationDirectives = append(locationDirectives,
|
||||
|
@ -210,13 +192,10 @@ func (c *Template) buildAuthLocation(server *ingress.Server,
|
|||
|
||||
if server.CertificateAuth.CAFileName != "" {
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "ssl-client-verify", "$ssl_client_verify"))
|
||||
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "ssl-client-subject-dn", "$ssl_client_s_dn"))
|
||||
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "ssl-client-issuer-dn", "$ssl_client_i_dn"))
|
||||
buildDirective("proxy_set_header", "ssl-client-verify", "$ssl_client_verify"),
|
||||
buildDirective("proxy_set_header", "ssl-client-subject-dn", "$ssl_client_s_dn"),
|
||||
buildDirective("proxy_set_header", "ssl-client-issuer-dn", "$ssl_client_i_dn"),
|
||||
)
|
||||
|
||||
if server.CertificateAuth.PassCertToUpstream {
|
||||
locationDirectives = append(locationDirectives,
|
||||
|
@ -231,16 +210,13 @@ func (c *Template) buildAuthLocation(server *ingress.Server,
|
|||
|
||||
if locationConfig.applyAuthUpstream && locationConfig.applyGlobalAuth {
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_http_version", "1.1"))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_set_header", "Connection", ""))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_http_version", "1.1"),
|
||||
buildDirective("proxy_set_header", "Connection", ""),
|
||||
buildDirective("set", "$target",
|
||||
changeHostPort(locationConfig.externalAuth.URL, buildAuthUpstreamName(location, server.Hostname))))
|
||||
} else {
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_http_version", location.Proxy.ProxyHTTPVersion))
|
||||
locationDirectives = append(locationDirectives,
|
||||
buildDirective("proxy_http_version", location.Proxy.ProxyHTTPVersion),
|
||||
buildDirective("set", "$target", locationConfig.externalAuth.URL))
|
||||
}
|
||||
locationDirectives = append(locationDirectives,
|
||||
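Review bot: Two separate `if locationConfig.externalAuth.Method != ""` blocks in buildAuthLocation (the hunks at new lines 124 and 162) both append `proxy_set_header X-Original-URI $request_uri` and `proxy_set_header X-Scheme $pass_access_scheme`. When a method is configured, the generated auth location therefore appears to set each of these headers twice. The lines between the two hunks are not shown, so confirm both blocks run on the same path; if they do, remove the second block and keep the one that also emits `proxy_method`. An external auth service should not have to choose between two copies of a header that describes the original request.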
|
|
|
@ -35,12 +35,10 @@ func buildCorsDirectives(locationcors cors.Config) ngx_crossplane.Directives {
|
|||
buildDirective("set", "$cors", "${cors}options"),
|
||||
},
|
||||
),
|
||||
)
|
||||
|
||||
directives = append(directives,
|
||||
commonCorsDirective(locationcors, false),
|
||||
commonCorsDirective(locationcors, true),
|
||||
)
|
||||
|
||||
return directives
|
||||
}
|
||||
|
||||
|
|
|
@ -87,12 +87,12 @@ func TestCrossplaneTemplate(t *testing.T) {
|
|||
ngx_crossplane.MatchHeadersMoreLatest,
|
||||
extramodules.BrotliMatchFn,
|
||||
extramodules.OpentelemetryMatchFn,
|
||||
extramodules.SetMiscMatchFn,
|
||||
ngx_crossplane.MatchGeoip2Latest,
|
||||
},
|
||||
LexOptions: ngx_crossplane.LexOptions{
|
||||
Lexers: []ngx_crossplane.RegisterLexer{lua.RegisterLexer()},
|
||||
},
|
||||
IgnoreDirectives: []string{"set_escape_uri"},
|
||||
}
|
||||
|
||||
mimeFile, err := os.CreateTemp("", "")
|
||||
|
|
|
@ -22,8 +22,6 @@ limitations under the License.
|
|||
*/
|
||||
|
||||
// This file is an extraction from https://github.com/nginxinc/nginx-go-crossplane/blob/main/analyze.go
|
||||
//
|
||||
//nolint:unused
|
||||
package extramodules
|
||||
|
||||
// bit masks for different directive argument styles.
|
||||
|
|
|
@ -14,47 +14,17 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Code generated by generator; DO NOT EDIT.
|
||||
// All the definitions are extracted from the source code
|
||||
// Each bit mask describes these behaviors:
|
||||
// - how many arguments the directive can take
|
||||
// - whether or not it is a block directive
|
||||
// - whether this is a flag (takes one argument that's either "on" or "off")
|
||||
// - which contexts it's allowed to be in
|
||||
// As opposite to the other files, this wasn't auto generated but hand crafted.
|
||||
// Please do not change it
|
||||
|
||||
package extramodules
|
||||
|
||||
var setMiscDirectives = map[string][]uint{
|
||||
"set_base32_alphabet": {
|
||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake1,
|
||||
},
|
||||
"set_base32_padding": {
|
||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfFlag,
|
||||
},
|
||||
"set_decode_base32": {
|
||||
"set_escape_uri": {
|
||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake12,
|
||||
},
|
||||
"set_encode_base32": {
|
||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake12,
|
||||
},
|
||||
"set_formatted_gmt_time": {
|
||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake2,
|
||||
},
|
||||
"set_formatted_local_time": {
|
||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake2,
|
||||
},
|
||||
"set_hashed_upstream": {
|
||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake3,
|
||||
},
|
||||
"set_local_today": {
|
||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfTake1,
|
||||
},
|
||||
"set_misc_base32_padding": {
|
||||
ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPSifConf | ngxHTTPLocConf | ngxHTTPLifConf | ngxConfFlag,
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
func SetMiscMatchFn(directive string) ([]uint, bool) {
|
||||
m, ok := setMiscDirectives[directive]
|
||||
return m, ok
|
||||
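Review bot: `SetMiscMatchFn` is exported without a doc comment, and the new file header only says the table is hand crafted and must not be changed, without saying what the mask was checked against. As far as the rendered section shows, the map now registers `set_escape_uri` alone, so this matcher will not recognise any other set-misc directive. Say so on the function, for example `// SetMiscMatchFn returns the bit masks for the set-misc directives known to this package; only set_escape_uri is registered.` Because the mask is maintained by hand, a header line recording the module version it was verified against (`<set-misc module version>`) would make later drift visible.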
|
|
|
@ -113,8 +113,10 @@ func (c *Template) buildHTTP() {
|
|||
|
||||
// HTTP2 Configuration
|
||||
if cfg.HTTP2MaxHeaderSize != "" && cfg.HTTP2MaxFieldSize != "" {
|
||||
httpBlock = append(httpBlock, buildDirective("http2_max_field_size", cfg.HTTP2MaxFieldSize))
|
||||
httpBlock = append(httpBlock, buildDirective("http2_max_header_size", cfg.HTTP2MaxHeaderSize))
|
||||
httpBlock = append(httpBlock,
|
||||
buildDirective("http2_max_field_size", cfg.HTTP2MaxFieldSize),
|
||||
buildDirective("http2_max_header_size", cfg.HTTP2MaxHeaderSize),
|
||||
)
|
||||
}
|
||||
|
||||
if cfg.HTTP2MaxRequests > 0 {
|
||||
|
@ -122,13 +124,15 @@ func (c *Template) buildHTTP() {
|
|||
}
|
||||
|
||||
if cfg.UseGzip {
|
||||
httpBlock = append(httpBlock, buildDirective("gzip", "on"))
|
||||
httpBlock = append(httpBlock, buildDirective("gzip_comp_level", cfg.GzipLevel))
|
||||
httpBlock = append(httpBlock, buildDirective("gzip_http_version", "1.1"))
|
||||
httpBlock = append(httpBlock, buildDirective("gzip_min_length", cfg.GzipMinLength))
|
||||
httpBlock = append(httpBlock, buildDirective("gzip_types", strings.Split(cfg.GzipTypes, " ")))
|
||||
httpBlock = append(httpBlock, buildDirective("gzip_proxied", "any"))
|
||||
httpBlock = append(httpBlock, buildDirective("gzip_vary", "on"))
|
||||
httpBlock = append(httpBlock,
|
||||
buildDirective("gzip", "on"),
|
||||
buildDirective("gzip_comp_level", cfg.GzipLevel),
|
||||
buildDirective("gzip_http_version", "1.1"),
|
||||
buildDirective("gzip_min_length", cfg.GzipMinLength),
|
||||
buildDirective("gzip_types", strings.Split(cfg.GzipTypes, " ")),
|
||||
buildDirective("gzip_proxied", "any"),
|
||||
buildDirective("gzip_vary", "on"),
|
||||
)
|
||||
|
||||
if cfg.GzipDisable != "" {
|
||||
httpBlock = append(httpBlock, buildDirective("gzip_disable", strings.Split(cfg.GzipDisable, " ")))
|
||||
|
@ -346,29 +350,9 @@ func (c *Template) buildHTTP() {
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
{{ range $server := $servers }}
|
||||
{{ range $location := $server.Locations }}
|
||||
{{ $applyGlobalAuth := shouldApplyGlobalAuth $location $all.Cfg.GlobalExternalAuth.URL }}
|
||||
{{ $applyAuthUpstream := shouldApplyAuthUpstream $location $all.Cfg }}
|
||||
{{ if and (eq $applyAuthUpstream true) (eq $applyGlobalAuth false) }}
|
||||
## start auth upstream {{ $server.Hostname }}{{ $location.Path }}
|
||||
upstream {{ buildAuthUpstreamName $location $server.Hostname }} {
|
||||
{{- $externalAuth := $location.ExternalAuth }}
|
||||
server {{ extractHostPort $externalAuth.URL }};
|
||||
|
||||
keepalive {{ $externalAuth.KeepaliveConnections }};
|
||||
keepalive_requests {{ $externalAuth.KeepaliveRequests }};
|
||||
keepalive_timeout {{ $externalAuth.KeepaliveTimeout }}s;
|
||||
}
|
||||
## end auth upstream {{ $server.Hostname }}{{ $location.Path }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
*/
|
||||
for _, server := range c.tplConfig.Servers {
|
||||
for _, location := range server.Locations {
|
||||
if shouldApplyAuthUpstream(location, cfg) && !shouldApplyGlobalAuth(location, cfg.GlobalExternalAuth.URL) {
|
||||
if shouldApplyAuthUpstream(location, &cfg) && !shouldApplyGlobalAuth(location, cfg.GlobalExternalAuth.URL) {
|
||||
authUpstreamBlock := buildBlockDirective("upstream",
|
||||
[]string{buildAuthUpstreamName(location, server.Hostname)}, ngx_crossplane.Directives{
|
||||
buildDirective("server", extractHostPort(location.ExternalAuth.URL)),
|
||||
|
@ -387,14 +371,17 @@ func (c *Template) buildHTTP() {
|
|||
}
|
||||
|
||||
for _, server := range c.tplConfig.Servers {
|
||||
httpBlock = append(httpBlock, buildStartServer(server.Hostname))
|
||||
serverBlock := c.buildServerDirective(server)
|
||||
httpBlock = append(httpBlock, serverBlock)
|
||||
httpBlock = append(httpBlock, buildEndServer(server.Hostname))
|
||||
httpBlock = append(httpBlock,
|
||||
buildStartServer(server.Hostname),
|
||||
c.buildServerDirective(server),
|
||||
buildEndServer(server.Hostname),
|
||||
)
|
||||
}
|
||||
|
||||
httpBlock = append(httpBlock, c.buildDefaultBackend())
|
||||
httpBlock = append(httpBlock, c.buildHealthAndStatsServer())
|
||||
httpBlock = append(httpBlock,
|
||||
c.buildDefaultBackend(),
|
||||
c.buildHealthAndStatsServer(),
|
||||
)
|
||||
|
||||
c.config.Parsed = append(c.config.Parsed, &ngx_crossplane.Directive{
|
||||
Directive: "http",
|
||||
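Review bot: `strings.Split(cfg.GzipTypes, " ")` in the consolidated gzip block returns empty elements when the configured value has leading, trailing or doubled spaces, and those are passed to `buildDirective` as arguments. How `buildDirective` treats an empty argument is not visible on this page. `strings.Fields` splits on any run of whitespace and never returns empty strings: `buildDirective("gzip_types", strings.Fields(cfg.GzipTypes)),`. The same applies to the `gzip_disable` line just below and to `proxy_ssl_protocols` in buildCertificateDirectives. buildHTTP starts and ends outside the shown hunks.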
|
|
|
@ -173,7 +173,7 @@ func (c *Template) buildServerLocations(server *ingress.Server, locations []*ing
|
|||
proxySetHeader: getProxySetHeader(location),
|
||||
authPath: buildAuthLocation(location, cfg.GlobalExternalAuth.URL),
|
||||
applyGlobalAuth: shouldApplyGlobalAuth(location, cfg.GlobalExternalAuth.URL),
|
||||
applyAuthUpstream: shouldApplyAuthUpstream(location, cfg),
|
||||
applyAuthUpstream: shouldApplyAuthUpstream(location, &cfg),
|
||||
externalAuth: &externalAuth{},
|
||||
}
|
||||
|
||||
|
@ -236,7 +236,7 @@ func (c *Template) buildLocation(server *ingress.Server,
|
|||
buildDirective("set", "$location_path", strings.ReplaceAll(ing.Path, `$`, `${literal_dollar}`)),
|
||||
}
|
||||
|
||||
locationDirectives = append(locationDirectives, locationConfigForLua(location, *c.tplConfig)...)
|
||||
locationDirectives = append(locationDirectives, locationConfigForLua(location, c.tplConfig)...)
|
||||
locationDirectives = append(locationDirectives, buildCertificateDirectives(location)...)
|
||||
|
||||
if cfg.Cfg.UseProxyProtocol {
|
||||
|
@ -648,7 +648,7 @@ func buildRateLimit(loc *ingress.Location) ngx_crossplane.Directives {
|
|||
}
|
||||
|
||||
// locationConfigForLua formats some location specific configuration into Lua table represented as string
|
||||
func locationConfigForLua(location *ingress.Location, all config.TemplateConfig) ngx_crossplane.Directives {
|
||||
func locationConfigForLua(location *ingress.Location, all *config.TemplateConfig) ngx_crossplane.Directives {
|
||||
/* Lua expects the following vars
|
||||
force_ssl_redirect = string_to_bool(ngx.var.force_ssl_redirect),
|
||||
ssl_redirect = string_to_bool(ngx.var.ssl_redirect),
|
||||
|
|
|
@ -56,7 +56,6 @@ func (c *Template) buildServerDirective(server *ingress.Server) *ngx_crossplane.
|
|||
if server.AuthTLSError != "" {
|
||||
serverBlock = append(serverBlock, buildDirective("return", 403))
|
||||
} else {
|
||||
|
||||
serverBlock = append(serverBlock, c.buildCertificateDirectives(server)...)
|
||||
serverBlock = append(serverBlock, buildCustomErrorLocationsPerServer(server, c.tplConfig.EnableMetrics)...)
|
||||
serverBlock = append(serverBlock, buildMirrorLocationDirective(server.Locations)...)
|
||||
|
@ -119,9 +118,10 @@ func (c *Template) buildCertificateDirectives(server *ingress.Server) ngx_crossp
|
|||
|
||||
if server.CertificateAuth.CAFileName != "" {
|
||||
certAuth := server.CertificateAuth
|
||||
certDirectives = append(certDirectives, buildDirective("ssl_client_certificate", certAuth.CAFileName))
|
||||
certDirectives = append(certDirectives, buildDirective("ssl_verify_client", certAuth.VerifyClient))
|
||||
certDirectives = append(certDirectives, buildDirective("ssl_verify_depth", certAuth.ValidationDepth))
|
||||
certDirectives = append(certDirectives,
|
||||
buildDirective("ssl_client_certificate", certAuth.CAFileName),
|
||||
buildDirective("ssl_verify_client", certAuth.VerifyClient),
|
||||
buildDirective("ssl_verify_depth", certAuth.ValidationDepth))
|
||||
if certAuth.CRLFileName != "" {
|
||||
certDirectives = append(certDirectives, buildDirective("ssl_crl", certAuth.CRLFileName))
|
||||
}
|
||||
|
@ -132,19 +132,22 @@ func (c *Template) buildCertificateDirectives(server *ingress.Server) ngx_crossp
|
|||
|
||||
prxSSL := server.ProxySSL
|
||||
if prxSSL.CAFileName != "" {
|
||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_trusted_certificate", prxSSL.CAFileName))
|
||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_ciphers", prxSSL.Ciphers))
|
||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_protocols", strings.Split(prxSSL.Protocols, " ")))
|
||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_verify", prxSSL.Verify))
|
||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_verify_depth", prxSSL.VerifyDepth))
|
||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_trusted_certificate", prxSSL.CAFileName),
|
||||
buildDirective("proxy_ssl_ciphers", prxSSL.Ciphers),
|
||||
buildDirective("proxy_ssl_protocols", strings.Split(prxSSL.Protocols, " ")),
|
||||
buildDirective("proxy_ssl_verify", prxSSL.Verify),
|
||||
buildDirective("proxy_ssl_verify_depth", prxSSL.VerifyDepth),
|
||||
)
|
||||
if prxSSL.ProxySSLName != "" {
|
||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_name", prxSSL.ProxySSLName))
|
||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_server_name", prxSSL.ProxySSLServerName))
|
||||
certDirectives = append(certDirectives,
|
||||
buildDirective("proxy_ssl_name", prxSSL.ProxySSLName),
|
||||
buildDirective("proxy_ssl_server_name", prxSSL.ProxySSLServerName))
|
||||
}
|
||||
}
|
||||
if prxSSL.PemFileName != "" {
|
||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_certificate", prxSSL.PemFileName))
|
||||
certDirectives = append(certDirectives, buildDirective("proxy_ssl_certificate_key", prxSSL.PemFileName))
|
||||
certDirectives = append(certDirectives,
|
||||
buildDirective("proxy_ssl_certificate", prxSSL.PemFileName),
|
||||
buildDirective("proxy_ssl_certificate_key", prxSSL.PemFileName))
|
||||
}
|
||||
if server.SSLCiphers != "" {
|
||||
certDirectives = append(certDirectives, buildDirective("ssl_ciphers", server.SSLCiphers))
|
||||
|
@ -191,9 +194,10 @@ func (c *Template) buildDefaultBackend() *ngx_crossplane.Directive {
|
|||
fmt.Sprintf("backlog=%d", c.tplConfig.BacklogSize),
|
||||
))
|
||||
}
|
||||
serverBlock = append(serverBlock, buildDirective("set", "$proxy_upstream_name", "internal"))
|
||||
serverBlock = append(serverBlock, buildDirective("access_log", "off"))
|
||||
serverBlock = append(serverBlock, buildBlockDirective("location", []string{"/"}, ngx_crossplane.Directives{
|
||||
serverBlock = append(serverBlock,
|
||||
buildDirective("set", "$proxy_upstream_name", "internal"),
|
||||
buildDirective("access_log", "off"),
|
||||
buildBlockDirective("location", []string{"/"}, ngx_crossplane.Directives{
|
||||
buildDirective("return", "404"),
|
||||
}))
|
||||
|
||||
|
@ -228,8 +232,8 @@ func (c *Template) buildHealthAndStatsServer() *ngx_crossplane.Directive {
|
|||
buildBlockDirective(
|
||||
"location",
|
||||
[]string{"/configuration"}, ngx_crossplane.Directives{
|
||||
buildDirective("client_max_body_size", luaConfigurationRequestBodySize(c.tplConfig.Cfg)),
|
||||
buildDirective("client_body_buffer_size", luaConfigurationRequestBodySize(c.tplConfig.Cfg)),
|
||||
buildDirective("client_max_body_size", luaConfigurationRequestBodySize(&c.tplConfig.Cfg)),
|
||||
buildDirective("client_body_buffer_size", luaConfigurationRequestBodySize(&c.tplConfig.Cfg)),
|
||||
buildDirective("proxy_buffering", "off"),
|
||||
buildDirective("content_by_lua_file", "/etc/nginx/lua/nginx/ngx_conf_configuration.lua"),
|
||||
}),
|
||||
|
|
|
@ -289,7 +289,7 @@ func httpListener(addresses []string, co []string, tc *config.TemplateConfig, ss
|
|||
return listeners
|
||||
}
|
||||
|
||||
func luaConfigurationRequestBodySize(cfg config.Configuration) string {
|
||||
func luaConfigurationRequestBodySize(cfg *config.Configuration) string {
|
||||
size := cfg.LuaSharedDicts["configuration_data"]
|
||||
if size < cfg.LuaSharedDicts["certificate_data"] {
|
||||
size = cfg.LuaSharedDicts["certificate_data"]
|
||||
|
@ -347,7 +347,7 @@ func shouldApplyGlobalAuth(location *ingress.Location, globalExternalAuthURL str
|
|||
|
||||
// shouldApplyAuthUpstream returns true only in case when ExternalAuth.URL and
|
||||
// ExternalAuth.KeepaliveConnections are all set
|
||||
func shouldApplyAuthUpstream(location *ingress.Location, cfg config.Configuration) bool {
|
||||
func shouldApplyAuthUpstream(location *ingress.Location, cfg *config.Configuration) bool {
|
||||
if location.ExternalAuth.URL == "" || location.ExternalAuth.KeepaliveConnections == 0 {
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -58,7 +58,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
@ -80,7 +81,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
@ -115,7 +117,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
@ -181,7 +184,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
@ -212,7 +216,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
local, err := time.LoadLocation("GMT")
|
||||
|
@ -243,7 +248,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
@ -265,7 +271,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
@ -289,7 +296,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
@ -312,7 +320,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
@ -431,7 +440,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
@ -454,7 +464,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
f.HTTPTestClient().
|
||||
|
@ -476,7 +487,8 @@ var _ = framework.DescribeAnnotation("affinity session-cookie-name", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) &&
|
||||
return (strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))) &&
|
||||
strings.Contains(server, "listen 443")
|
||||
})
|
||||
|
||||
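Review bot: The two-variant `server_name` check is copied verbatim into every `WaitForNginxServer` callback in this file, and again in the affinitymode, limit-connections and `startIngress` sections. The next change to the rendered form will need another sweep over all of them. A helper in the framework package would keep it in one place, for example `func hasServerName(cfg, host string) bool { return strings.Contains(cfg, "server_name "+host+";") || strings.Contains(cfg, "server_name "+host+" ;") }`. Its doc comment should say which writer emits which form (presumably the crossplane writer produces the spaced one), so a reader knows why both are accepted.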
|
|
|
@ -56,7 +56,8 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
// Check configuration
|
||||
|
@ -89,7 +90,8 @@ var _ = framework.DescribeAnnotation("affinitymode", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
// Check configuration
|
||||
|
|
|
@ -419,7 +419,6 @@ http {
|
|||
f.EnsureIngress(ing2)
|
||||
|
||||
f.WaitForNginxServer(host, func(server string) bool {
|
||||
//nolint:goconst //server_name is a constant
|
||||
return strings.Contains(server, "server_name "+host)
|
||||
})
|
||||
})
|
||||
|
|
|
@ -106,7 +106,6 @@ var _ = framework.DescribeAnnotation("backend-protocol - GRPC", func() {
|
|||
return strings.Contains(server, "grpc_pass grpc://upstream_balancer;")
|
||||
})
|
||||
|
||||
//nolint:goconst //string interpolation
|
||||
conn, err := grpc.NewClient(f.GetNginxIP()+":443",
|
||||
grpc.WithTransportCredentials(
|
||||
credentials.NewTLS(&tls.Config{
|
||||
|
|
|
@ -41,7 +41,8 @@ var _ = framework.DescribeAnnotation("Annotation - limit-connections", func() {
|
|||
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.SlowEchoService, 80, nil)
|
||||
f.EnsureIngress(ing)
|
||||
f.WaitForNginxServer(host, func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
// limit connections
|
||||
|
|
|
@ -36,7 +36,8 @@ func startIngress(f *framework.Framework, annotations map[string]string) map[str
|
|||
f.EnsureIngress(ing)
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host))
|
||||
return strings.Contains(server, fmt.Sprintf("server_name %s;", host)) ||
|
||||
strings.Contains(server, fmt.Sprintf("server_name %s ;", host))
|
||||
})
|
||||
|
||||
//nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated
|
||||
|
|
|
@ -321,7 +321,7 @@ func (f *Framework) matchNginxConditions(name string, matcher func(cfg string) b
|
|||
if name == "" {
|
||||
cmd = "cat /etc/nginx/nginx.conf"
|
||||
} else {
|
||||
cmd = fmt.Sprintf("cat /etc/nginx/nginx.conf | awk '/## start server %s;/,/## end server %s;/'", name, name)
|
||||
cmd = fmt.Sprintf("cat /etc/nginx/nginx.conf | awk '/## start server %s/,/## end server %s/'", name, name)
|
||||
}
|
||||
|
||||
o, err := f.ExecCommand(f.pod, cmd)
|
||||
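Review bot: With the trailing `;` dropped, the awk range in matchNginxConditions is a prefix match, so `## start server foo.bar` also matches the marker of `foo.bar.example`. The `.` in a host name is a regex wildcard as well. The range can therefore start or end on another server's marker, and the matcher may then pass against the wrong server block. Anchor the end of the marker, for example `awk '/## start server %s[ ;]*$/,/## end server %s[ ;]*$/'`, assuming the marker is the last thing on its line. Escape regex metacharacters in `name` before it is spliced into the command.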
|
|
|
@ -234,7 +234,6 @@ func (r *HTTPResponse) checkContentType(expectedType string, expectedCharset ...
|
|||
}
|
||||
|
||||
if mediaType != expectedType {
|
||||
//nolint:goconst //string interpolation
|
||||
r.chain.fail("\nexpected \"Content-Type\" header with %q media type,"+
|
||||
"\nbut got %q", expectedType, mediaType)
|
||||
return false
|
||||
|
|
|
@ -44,7 +44,6 @@ var _ = framework.IngressNginxDescribe("[Flag] disable-sync-events", func() {
|
|||
return strings.Contains(server, fmt.Sprintf("server_name %v", host))
|
||||
})
|
||||
|
||||
//nolint:goconst //string interpolation
|
||||
events, err := f.KubeClientSet.CoreV1().Events(ing.Namespace).List(context.TODO(), metav1.ListOptions{FieldSelector: "reason=Sync,involvedObject.name=" + host})
|
||||
assert.Nil(ginkgo.GinkgoT(), err, "listing events")
|
||||
|
||||
|
|
|
@ -47,7 +47,6 @@ var _ = framework.DescribeSetting("enable-real-ip", func() {
|
|||
|
||||
f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
//nolint:goconst //already a const
|
||||
return strings.Contains(server, "server_name "+host) &&
|
||||
!strings.Contains(server, "proxy_set_header X-Forwarded-Proto $full_x_forwarded_proto;")
|
||||
})
|
||||
|
|