DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: discover mounted geoip db files (#7228)

Browse source 
* fix: discover mounted geoip db files

* add test

* fix runtime reload of config.MaxmindEditionFiles

* add e2e test

* log missing geoip2 db
This commit is contained in:
Tom Hayward 2021-07-08 17:16:53 -07:00 committed by Kubernetes Prow Robot
parent 45995525e7
commit c9d5b21a65
6 changed files with 127 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
cmd/nginx/flags.go
View file

@ -308,15 +308,17 @@ https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-g
} }
var err error var err error
if (nginx.MaxmindLicenseKey != "" || nginx.MaxmindMirror != "") && nginx.MaxmindEditionIDs != "" { if nginx.MaxmindEditionIDs != "" {
if err = nginx.ValidateGeoLite2DBEditions(); err != nil { if err = nginx.ValidateGeoLite2DBEditions(); err != nil {
return false, nil, err return false, nil, err
} }
if nginx.MaxmindLicenseKey != "" || nginx.MaxmindMirror != "" {
klog.InfoS("downloading maxmind GeoIP2 databases") klog.InfoS("downloading maxmind GeoIP2 databases")
if err = nginx.DownloadGeoLite2DB(nginx.MaxmindRetriesCount, nginx.MaxmindRetriesTimeout); err != nil { if err = nginx.DownloadGeoLite2DB(nginx.MaxmindRetriesCount, nginx.MaxmindRetriesTimeout); err != nil {
klog.ErrorS(err, "unexpected error downloading GeoIP2 database") klog.ErrorS(err, "unexpected error downloading GeoIP2 database")
} }
config.MaxmindEditionFiles = nginx.MaxmindEditionFiles }
config.MaxmindEditionFiles = &nginx.MaxmindEditionFiles
} }
return false, config, err return false, config, err

2
internal/ingress/controller/config/config.go
View file

@ -925,7 +925,7 @@ type TemplateConfig struct {
ListenPorts *ListenPorts ListenPorts *ListenPorts
PublishService *apiv1.Service PublishService *apiv1.Service
EnableMetrics bool EnableMetrics bool
MaxmindEditionFiles []string MaxmindEditionFiles *[]string
MonitorMaxBatchSize int MonitorMaxBatchSize int
PID string PID string

2
internal/ingress/controller/controller.go
View file

@ -105,7 +105,7 @@ type Configuration struct {
ValidationWebhookKeyPath string ValidationWebhookKeyPath string
GlobalExternalAuth *ngx_config.GlobalExternalAuth GlobalExternalAuth *ngx_config.GlobalExternalAuth
MaxmindEditionFiles []string MaxmindEditionFiles *[]string
MonitorMaxBatchSize int MonitorMaxBatchSize int

14
internal/nginx/maxmind.go
View file

@ -64,12 +64,19 @@ const (
// GeoLite2DBExists checks if the required databases for // GeoLite2DBExists checks if the required databases for
// the GeoIP2 NGINX module are present in the filesystem // the GeoIP2 NGINX module are present in the filesystem
// and indexes the discovered databases for iteration in
// the config.
func GeoLite2DBExists() bool { func GeoLite2DBExists() bool {
files := []string{}
for _, dbName := range strings.Split(MaxmindEditionIDs, ",") { for _, dbName := range strings.Split(MaxmindEditionIDs, ",") {
if !fileExists(path.Join(geoIPPath, dbName+dbExtension)) { filename := dbName + dbExtension
if !fileExists(path.Join(geoIPPath, filename)) {
klog.Error(filename, " not found")
return false return false
} }
files = append(files, filename)
} }
MaxmindEditionFiles = files
return true return true
} }
@ -101,7 +108,6 @@ func DownloadGeoLite2DB(attempts int, period time.Duration) error {
if dlError != nil { if dlError != nil {
break break
} }
MaxmindEditionFiles = append(MaxmindEditionFiles, dbName+dbExtension)
} }
lastErr = dlError lastErr = dlError
@ -217,7 +223,7 @@ func ValidateGeoLite2DBEditions() error {
return nil return nil
} }
func fileExists(filePath string) bool { func _fileExists(filePath string) bool {
info, err := os.Stat(filePath) info, err := os.Stat(filePath)
if os.IsNotExist(err) { if os.IsNotExist(err) {
return false return false
@ -225,3 +231,5 @@ func fileExists(filePath string) bool {
return !info.IsDir() return !info.IsDir()
} }
var fileExists = _fileExists

75
internal/nginx/maxmind_test.go Normal file
View file

@ -0,0 +1,75 @@
/*
Copyright 2020 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package nginx
import (
"reflect"
"testing"
)
func resetForTesting() {
fileExists = _fileExists
MaxmindLicenseKey = ""
MaxmindEditionIDs = ""
MaxmindEditionFiles = []string{}
MaxmindMirror = ""
}
func TestGeoLite2DBExists(t *testing.T) {
tests := []struct {
name string
setup func()
want bool
wantFiles []string
}{
{
name: "empty",
wantFiles: []string{},
},
{
name: "existing files",
setup: func() {
MaxmindEditionIDs = "GeoLite2-City,GeoLite2-ASN"
fileExists = func(string) bool {
return true
}
},
want: true,
wantFiles: []string{"GeoLite2-City.mmdb", "GeoLite2-ASN.mmdb"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
resetForTesting()
// mimics assignment in flags.go
config := &MaxmindEditionFiles
if tt.setup != nil {
tt.setup()
}
if got := GeoLite2DBExists(); got != tt.want {
t.Errorf("GeoLite2DBExists() = %v, want %v", got, tt.want)
}
if !reflect.DeepEqual(MaxmindEditionFiles, tt.wantFiles) {
t.Errorf("nginx.MaxmindEditionFiles = %v, want %v", MaxmindEditionFiles, tt.wantFiles)
}
if !reflect.DeepEqual(*config, tt.wantFiles) {
t.Errorf("config.MaxmindEditionFiles = %v, want %v", *config, tt.wantFiles)
}
})
}
}

32
test/e2e/settings/geoip2.go
View file

@ -17,15 +17,23 @@ limitations under the License.
package settings package settings
import ( import (
"context"
"fmt"
"path/filepath"
"strings" "strings"
"net/http" "net/http"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"github.com/stretchr/testify/assert"
appsv1 "k8s.io/api/apps/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-nginx/test/e2e/framework" "k8s.io/ingress-nginx/test/e2e/framework"
) )
const testdataURL = "https://github.com/maxmind/MaxMind-DB/blob/5a0be1c0320490b8e4379dbd5295a18a648ff156/test-data/GeoLite2-Country-Test.mmdb?raw=true"
var _ = framework.DescribeSetting("Geoip2", func() { var _ = framework.DescribeSetting("Geoip2", func() {
f := framework.NewDefaultFramework("geoip2") f := framework.NewDefaultFramework("geoip2")
@ -35,6 +43,30 @@ var _ = framework.DescribeSetting("Geoip2", func() {
f.NewEchoDeployment() f.NewEchoDeployment()
}) })
ginkgo.It("should include geoip2 line in config when enabled and db file exists", func() {
edition := "GeoLite2-Country"
err := f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error {
args := deployment.Spec.Template.Spec.Containers[0].Args
args = append(args, "--maxmind-edition-ids="+edition)
deployment.Spec.Template.Spec.Containers[0].Args = args
_, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{})
return err
})
assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment flags")
filename := fmt.Sprintf("/etc/nginx/geoip/%s.mmdb", edition)
exec, err := f.ExecIngressPod(fmt.Sprintf(`sh -c "mkdir -p '%s' && wget -O '%s' '%s' 2>&1"`, filepath.Dir(filename), filename, testdataURL))
framework.Logf(exec)
assert.Nil(ginkgo.GinkgoT(), err, fmt.Sprintln("error downloading test geoip2 db", filename))
f.UpdateNginxConfigMapData("use-geoip2", "true")
f.WaitForNginxConfiguration(
func(cfg string) bool {
return strings.Contains(cfg, fmt.Sprintf("geoip2 %s", filename))
})
})
ginkgo.It("should only allow requests from specific countries", func() { ginkgo.It("should only allow requests from specific countries", func() {
ginkgo.Skip("GeoIP test are temporarily disabled") ginkgo.Skip("GeoIP test are temporarily disabled")