Merge pull request #809 from aledbf/fix-variables-map
Fix dynamic variable name
This commit is contained in:
Manuel Alejandro de Brito Fontes
GitHub
commit
66b4c2606b
3 changed files with 33 additions and 2 deletions
|
|
@ -24,6 +24,7 @@ import (
|
|||
"net"
|
||||
"os"
|
||||
"os/exec"
|
||||
"regexp"
|
||||
"strings"
|
||||
text_template "text/template"
|
||||
|
||||
|
|
@ -31,6 +32,7 @@ import (
|
|||
|
||||
"github.com/golang/glog"
|
||||
|
||||
"github.com/pborman/uuid"
|
||||
"k8s.io/ingress/controllers/nginx/pkg/config"
|
||||
"k8s.io/ingress/core/pkg/ingress"
|
||||
ing_net "k8s.io/ingress/core/pkg/net"
|
||||
|
|
@ -136,6 +138,7 @@ var (
|
|||
"buildResolvers": buildResolvers,
|
||||
"isLocationAllowed": isLocationAllowed,
|
||||
"buildLogFormatUpstream": buildLogFormatUpstream,
|
||||
"buildDenyVariable": buildDenyVariable,
|
||||
"getenv": os.Getenv,
|
||||
"contains": strings.Contains,
|
||||
"hasPrefix": strings.HasPrefix,
|
||||
|
|
@ -372,3 +375,23 @@ func isLocationAllowed(input interface{}) bool {
|
|||
|
||||
return loc.Denied == nil
|
||||
}
|
||||
|
||||
var (
|
||||
nonAlpha = regexp.MustCompile("[^a-zA-Z0-9]+")
|
||||
denyPathSlugMap = map[string]string{}
|
||||
)
|
||||
|
||||
// buildDenyVariable returns a nginx variable for a location in a
|
||||
// server to be used in the whitelist check
|
||||
// This method uses a unique id generator library to reduce the
|
||||
// size of the string to be used as a variable in nginx to avoid
|
||||
// issue with the size of the variable bucket size directive
|
||||
func buildDenyVariable(a interface{}) string {
|
||||
l := a.(string)
|
||||
|
||||
if _, ok := denyPathSlugMap[l]; !ok {
|
||||
denyPathSlugMap[l] = uuid.New()
|
||||
}
|
||||
|
||||
return fmt.Sprintf("$deny_%v", denyPathSlugMap[l])
|
||||
}
|
||||
|
|
|
|||
|
|
@ -198,3 +198,11 @@ func BenchmarkTemplateWithData(b *testing.B) {
|
|||
ngxTpl.Write(dat)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBuildDenyVariable(t *testing.T) {
|
||||
a := buildDenyVariable("host1.example.com_/.well-known/acme-challenge")
|
||||
b := buildDenyVariable("host1.example.com_/.well-known/acme-challenge")
|
||||
if !reflect.DeepEqual(a, b) {
|
||||
t.Errorf("Expected '%v' but returned '%v'", a, b)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -245,7 +245,7 @@ http {
|
|||
|
||||
{{ if isLocationAllowed $location }}
|
||||
{{ if gt (len $location.Whitelist.CIDR) 0 }}
|
||||
geo $the_real_ip $deny_{{ $server.Hostname }}_{{ $path }} {
|
||||
geo $the_real_ip {{ buildDenyVariable (print $server.Hostname "_" $path) }} {
|
||||
default 1;
|
||||
|
||||
{{ range $ip := $location.Whitelist.CIDR }}
|
||||
|
|
@ -337,7 +337,7 @@ http {
|
|||
|
||||
{{ if isLocationAllowed $location }}
|
||||
{{ if gt (len $location.Whitelist.CIDR) 0 }}
|
||||
if ($deny_{{ $server.Hostname }}_{{ $path }}) {
|
||||
if ({{ buildDenyVariable (print $server.Hostname "_" $path) }}) {
|
||||
return 403;
|
||||
}
|
||||
{{ end }}
|
||||
|
|
|
|||
Loading…
Reference in a new issue