DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #809 from aledbf/fix-variables-map

Browse source 
Fix dynamic variable name
This commit is contained in:
Manuel Alejandro de Brito Fontes 2017-06-02 11:59:32 -04:00 committed by GitHub
commit 66b4c2606b
3 changed files with 33 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
controllers/nginx/pkg/template/template.go
View file

@ -24,6 +24,7 @@ import (
"net" "net"
"os" "os"
"os/exec" "os/exec"
"regexp"
"strings" "strings"
text_template "text/template" text_template "text/template"
@ -31,6 +32,7 @@ import (
"github.com/golang/glog" "github.com/golang/glog"
"github.com/pborman/uuid"
"k8s.io/ingress/controllers/nginx/pkg/config" "k8s.io/ingress/controllers/nginx/pkg/config"
"k8s.io/ingress/core/pkg/ingress" "k8s.io/ingress/core/pkg/ingress"
ing_net "k8s.io/ingress/core/pkg/net" ing_net "k8s.io/ingress/core/pkg/net"
@ -136,6 +138,7 @@ var (
"buildResolvers": buildResolvers, "buildResolvers": buildResolvers,
"isLocationAllowed": isLocationAllowed, "isLocationAllowed": isLocationAllowed,
"buildLogFormatUpstream": buildLogFormatUpstream, "buildLogFormatUpstream": buildLogFormatUpstream,
"buildDenyVariable": buildDenyVariable,
"getenv": os.Getenv, "getenv": os.Getenv,
"contains": strings.Contains, "contains": strings.Contains,
"hasPrefix": strings.HasPrefix, "hasPrefix": strings.HasPrefix,
@ -372,3 +375,23 @@ func isLocationAllowed(input interface{}) bool {
return loc.Denied == nil return loc.Denied == nil
} }
var (
nonAlpha = regexp.MustCompile("[^a-zA-Z0-9]+")
denyPathSlugMap = map[string]string{}
)
// buildDenyVariable returns a nginx variable for a location in a
// server to be used in the whitelist check
// This method uses a unique id generator library to reduce the
// size of the string to be used as a variable in nginx to avoid
// issue with the size of the variable bucket size directive
func buildDenyVariable(a interface{}) string {
l := a.(string)
if _, ok := denyPathSlugMap[l]; !ok {
denyPathSlugMap[l] = uuid.New()
}
return fmt.Sprintf("$deny_%v", denyPathSlugMap[l])
}

8
controllers/nginx/pkg/template/template_test.go
View file

@ -198,3 +198,11 @@ func BenchmarkTemplateWithData(b *testing.B) {
ngxTpl.Write(dat) ngxTpl.Write(dat)
} }
} }
func TestBuildDenyVariable(t *testing.T) {
a := buildDenyVariable("host1.example.com_/.well-known/acme-challenge")
b := buildDenyVariable("host1.example.com_/.well-known/acme-challenge")
if !reflect.DeepEqual(a, b) {
t.Errorf("Expected '%v' but returned '%v'", a, b)
}
}

4
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -245,7 +245,7 @@ http {
{{ if isLocationAllowed $location }} {{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }} {{ if gt (len $location.Whitelist.CIDR) 0 }}
geo $the_real_ip $deny_{{ $server.Hostname }}_{{ $path }} { geo $the_real_ip {{ buildDenyVariable (print $server.Hostname "_" $path) }} {
default 1; default 1;
{{ range $ip := $location.Whitelist.CIDR }} {{ range $ip := $location.Whitelist.CIDR }}
@ -337,7 +337,7 @@ http {
{{ if isLocationAllowed $location }} {{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }} {{ if gt (len $location.Whitelist.CIDR) 0 }}
if ($deny_{{ $server.Hostname }}_{{ $path }}) { if ({{ buildDenyVariable (print $server.Hostname "_" $path) }}) {
return 403; return 403;
} }
{{ end }} {{ end }}