From cc28290c4e69e3a0023be8d40007524036769dd2 Mon Sep 17 00:00:00 2001 From: Jim Ryan Date: Tue, 21 Nov 2023 17:08:51 +0000 Subject: [PATCH 01/10] makeHTTP(s)Listener and tests --- .../version2/nginx-plus.virtualserver.tmpl | 27 +--- .../configs/version2/nginx.virtualserver.tmpl | 29 +--- internal/configs/version2/template_helper.go | 77 ++++++++++ .../configs/version2/template_helper_test.go | 131 +++++++++++++++++- 4 files changed, 213 insertions(+), 51 deletions(-) diff --git a/internal/configs/version2/nginx-plus.virtualserver.tmpl b/internal/configs/version2/nginx-plus.virtualserver.tmpl index c1e62f019c..72190d09b5 100644 --- a/internal/configs/version2/nginx-plus.virtualserver.tmpl +++ b/internal/configs/version2/nginx-plus.virtualserver.tmpl @@ -65,16 +65,8 @@ proxy_cache_path /var/cache/nginx/jwks_uri_{{$s.VSName}} levels=1 keys_zone=jwks server { {{ if $s.Gunzip }}gunzip on;{{end}} - {{ if not $s.CustomListeners }} - listen 80{{ if $s.ProxyProtocol }} proxy_protocol{{ end }}; - {{ if not $s.DisableIPV6 }}listen [::]:80{{ if $s.ProxyProtocol }} proxy_protocol{{ end }};{{ end }} - {{ else }} - {{ if (gt $s.HTTPPort 0) }} - listen {{ $s.HTTPPort }}{{ if $s.ProxyProtocol }} proxy_protocol{{ end }}; - {{ if not $s.DisableIPV6 }}listen [::]:{{ $s.HTTPPort }}{{ if $s.ProxyProtocol }} proxy_protocol{{ end }};{{ end }} - {{ end }} - {{ end }} - + {{ makeHTTPListener $s | printf }} + server_name {{ $s.ServerName }}; status_zone {{ $s.StatusZone }}; set $resource_type "virtualserver"; 
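Review bot: `{{ makeHTTPListener $s | printf }}` feeds the helper's output to `printf` as the format string with no further arguments, which is a no-op today and would mangle any `%` that ever appeared in a directive into a `%!(NOVERB)`-style artefact inside the nginx config; `{{ makeHTTPListener $s }}` renders the same text. The same pattern is used in the next three hunks of this commit (the HTTPS call in nginx-plus.virtualserver.tmpl and both calls in nginx.virtualserver.tmpl). The helper joins its two `listen` lines with a bare `\n`, so the IPv6 line will land at column 0 in the rendered file while everything around it keeps the template's indentation; if generated-config readability matters, keeping the indent in the template (with `{{-` trimming) avoids pushing layout into the Go helper.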
@@ -105,20 +97,11 @@ server { set_real_ip_from unix:; real_ip_header proxy_protocol; {{ else }} - {{ if not $s.CustomListeners }} - listen 443 ssl{{ if $s.ProxyProtocol }} proxy_protocol{{ end }}; - {{ if not $s.DisableIPV6 }}listen [::]:443 ssl{{ if $s.ProxyProtocol }} proxy_protocol{{ end }};{{ end }} - {{ else }} - {{ if (gt $s.HTTPSPort 0) }} - listen {{ $s.HTTPSPort }} ssl{{ if $s.ProxyProtocol }} proxy_protocol{{ end }}; - {{ if not $s.DisableIPV6 }}listen [::]:{{ $s.HTTPSPort }} ssl{{ if $s.ProxyProtocol }} proxy_protocol{{ end }};{{ end }} - {{ end }} + {{ makeHTTPSListener $s | printf }} {{ end }} - {{ end }} - - {{ if $ssl.HTTP2 }} + {{ if $ssl.HTTP2 }} http2 on; - {{ end }} + {{ end }} {{ if $ssl.RejectHandshake }} ssl_reject_handshake on; diff --git a/internal/configs/version2/nginx.virtualserver.tmpl b/internal/configs/version2/nginx.virtualserver.tmpl index fee0066a24..7bc0f45d45 100644 --- a/internal/configs/version2/nginx.virtualserver.tmpl +++ b/internal/configs/version2/nginx.virtualserver.tmpl @@ -42,15 +42,8 @@ limit_req_zone {{ $z.Key }} zone={{ $z.ZoneName }}:{{ $z.ZoneSize }} rate={{ $z. {{ $s := .Server }} server { {{ if $s.Gunzip }}gunzip on;{{end}} - {{ if not $s.CustomListeners }} - listen 80{{ if $s.ProxyProtocol }} proxy_protocol{{ end }}; - {{ if not $s.DisableIPV6 }}listen [::]:80{{ if $s.ProxyProtocol }} proxy_protocol{{ end }};{{ end }} - {{ else }} - {{ if (gt $s.HTTPPort 0) }} - listen {{ $s.HTTPPort }}{{ if $s.ProxyProtocol }} proxy_protocol{{ end }}; - {{ if not $s.DisableIPV6 }}listen [::]:{{ $s.HTTPPort }}{{ if $s.ProxyProtocol }} proxy_protocol{{ end }};{{ end }} - {{ end }} - {{ end }} + + {{ makeHTTPListener $s | printf }} server_name {{ $s.ServerName }}; 
@@ -59,28 +52,18 @@ server { set $resource_namespace "{{$s.VSNamespace}}"; + {{ with $ssl := $s.SSL }} {{ if $s.TLSPassthrough }} listen unix:/var/lib/nginx/passthrough-https.sock proxy_protocol; set_real_ip_from unix:; real_ip_header proxy_protocol; {{ else }} - {{ if not $s.CustomListeners }} - listen 443 ssl{{ if $s.ProxyProtocol }} proxy_protocol{{ end }}; - {{ if not $s.DisableIPV6 }}listen [::]:443 ssl{{ if $s.ProxyProtocol }} proxy_protocol{{ end }};{{ end }} - {{ else }} - {{ if (gt $s.HTTPSPort 0) }} - listen {{ $s.HTTPSPort }} ssl{{ if $s.ProxyProtocol }} proxy_protocol{{ end }}; - {{ if not $s.DisableIPV6 }}listen [::]:{{ $s.HTTPSPort }} ssl{{ if $s.ProxyProtocol }} proxy_protocol{{ end }};{{ end }} - {{ end }} - {{ end }} + {{ makeHTTPSListener $s | printf }} {{ end }} - - {{ if $ssl.HTTP2 }} + {{ if $ssl.HTTP2 }} http2 on; - {{ end }} - - + {{ end }} {{ if $ssl.RejectHandshake }} ssl_reject_handshake on; {{ else if $.SpiffeCerts }} diff --git a/internal/configs/version2/template_helper.go b/internal/configs/version2/template_helper.go index 22289e3e6a..4f63cd8833 100644 --- a/internal/configs/version2/template_helper.go +++ b/internal/configs/version2/template_helper.go @@ -1,10 +1,18 @@ package version2 import ( + "strconv" "strings" "text/template" ) +type ListenerType int + +const ( + HTTP ListenerType = iota + HTTPS +) + func headerListToCIMap(headers []Header) map[string]string { ret := make(map[string]string) 
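Review bot: The nginx.virtualserver.tmpl hunk adds `{{ with $ssl := $s.SSL }}` above `{{ if $s.TLSPassthrough }}`, but the only closing changes in the hunk are a removed and re-added `{{ end }}`, so no new `{{ end }}` is introduced for the new `with` block. The removed `{{ if $ssl.HTTP2 }}` line shows `$ssl` was already bound before this change; unless that earlier binding is dropped outside the hunk, this nests a second `with` that needs its own `{{ end }}` or the template will fail to parse. Worth confirming against the whole template (the matching `{{ end }}` may sit further down, outside this hunk) and against the nginx-plus template, whose equivalent hunk does not add a `with`.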
@@ -20,6 +28,73 @@ func hasCIKey(key string, d map[string]string) bool { return ok } +func makeListener(listenerType ListenerType, s Server) string { + var directives string + + if !s.CustomListeners { + directives += "listen" + if listenerType == HTTP { + directives += " 80" + } else if listenerType == HTTPS { + directives += " 443 ssl" + } + if s.ProxyProtocol { + directives += " proxy_protocol" + } + directives += ";\n" + + if !s.DisableIPV6 { + directives += "listen [::]:" + if listenerType == HTTP { + directives += "80" + } else if listenerType == HTTPS { + directives += "443 ssl" + } + if s.ProxyProtocol { + directives += " proxy_protocol" + } + directives += ";\n" + } + } else { + if listenerType == HTTP && s.HTTPPort > 0 || listenerType == HTTPS && s.HTTPSPort > 0 { + directives += "listen" + if listenerType == HTTP { + directives += " " + strconv.Itoa(s.HTTPPort) + } else if listenerType == HTTPS { + directives += " " + strconv.Itoa(s.HTTPSPort) + " ssl" + } + + if s.ProxyProtocol { + directives += " proxy_protocol" + } + directives += ";\n" + + if !s.DisableIPV6 { + directives += "listen [::]:" + if listenerType == HTTP { + directives += strconv.Itoa(s.HTTPPort) + } else if listenerType == HTTPS { + directives += strconv.Itoa(s.HTTPSPort) + " ssl" + } + if s.ProxyProtocol { + directives += " proxy_protocol" + } + directives += ";\n" + } + } + } + + return directives +} + +func makeHTTPListener(s Server) string { + return makeListener(HTTP, s) +} + +func makeHTTPSListener(s Server) string { + return makeListener(HTTPS, s) +} + var helperFunctions = template.FuncMap{ "headerListToCIMap": headerListToCIMap, "hasCIKey": hasCIKey, @@ -28,4 +103,6 @@ var helperFunctions = template.FuncMap{ "hasSuffix": strings.HasSuffix, "toLower": strings.ToLower, "toUpper": strings.ToUpper, + "makeHTTPListener": makeHTTPListener, + "makeHTTPSListener": makeHTTPSListener, } 
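Review bot: None of the new declarations in template_helper.go carry doc comments, and `makeListener`'s one non-obvious contract goes unstated: with `CustomListeners` set and the relevant port left at 0 it returns `""`, so the server block is rendered with no `listen` for that protocol at all. A header such as `// makeListener renders the nginx listen directives for s. With CustomListeners set and the matching port unset (0) it returns "" so that no listener is emitted for that protocol.` would spare the next reader a trace through the four-way branch. The custom ports are only checked with `> 0`, so a value above 65535 would be written verbatim into the config; presumably CRD validation rejects that earlier, and a one-line comment naming that assumption (`// ports are range-checked at admission; only the "unset" case is handled here`) would make it explicit.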
diff --git a/internal/configs/version2/template_helper_test.go b/internal/configs/version2/template_helper_test.go index dfba45a8b3..f4297a4543 100644 --- a/internal/configs/version2/template_helper_test.go +++ b/internal/configs/version2/template_helper_test.go @@ -123,14 +123,12 @@ func TestToUpperInputString(t *testing.T) { t.Parallel() tmpl := newToUpperTemplate(t) + testCases := []struct { - InputString string - expected string + server Server + expected string }{ - {InputString: "foobar", expected: "FOOBAR"}, - {InputString: "FOOBAR", expected: "FOOBAR"}, - {InputString: "fOoBaR", expected: "FOOBAR"}, - {InputString: "", expected: ""}, + {server: Server{}, expected: "FOOBAR"}, } for _, tc := range testCases { 
@@ -145,6 +143,127 @@ func TestToUpperInputString(t *testing.T) { } } +func TestMakeHTTPListener(t *testing.T) { + t.Parallel() + + testCases := []struct { + server Server + expected string + }{ + {server: Server{ + CustomListeners: false, + DisableIPV6: true, + ProxyProtocol: false, + }, expected: "listen 80;\n"}, + {server: Server{ + CustomListeners: false, + DisableIPV6: false, + ProxyProtocol: false, + }, expected: "listen 80;\nlisten [::]:80;\n"}, + {server: Server{ + CustomListeners: false, + DisableIPV6: true, + ProxyProtocol: true, + }, expected: "listen 80 proxy_protocol;\n"}, + {server: Server{ + CustomListeners: false, + DisableIPV6: false, + ProxyProtocol: true, + }, expected: "listen 80 proxy_protocol;\nlisten [::]:80 proxy_protocol;\n"}, + {server: Server{ + CustomListeners: true, + HTTPPort: 81, + DisableIPV6: true, + ProxyProtocol: false, + }, expected: "listen 81;\n"}, + {server: Server{ + CustomListeners: true, + HTTPPort: 81, + DisableIPV6: false, + ProxyProtocol: false, + }, expected: "listen 81;\nlisten [::]:81;\n"}, + {server: Server{ + CustomListeners: true, + HTTPPort: 81, + DisableIPV6: true, + ProxyProtocol: true, + }, expected: "listen 81 proxy_protocol;\n"}, + {server: Server{ + CustomListeners: true, + HTTPPort: 81, + DisableIPV6: false, + ProxyProtocol: true, + }, expected: "listen 81 proxy_protocol;\nlisten [::]:81 proxy_protocol;\n"}, + } + + for _, tc := range testCases { + var got = makeHTTPListener(tc.server) + if got != tc.expected { + t.Errorf("Function generated wrong config, got %v but expected %v.", got, tc.expected) + } + } +} + +func TestMakeHTTPSListener(t *testing.T) { + t.Parallel() + + testCases := []struct { + server Server + expected string + }{ + {server: Server{ + CustomListeners: false, + DisableIPV6: true, + ProxyProtocol: false, + }, expected: "listen 443 ssl;\n"}, + {server: Server{ + CustomListeners: false, + DisableIPV6: false, + ProxyProtocol: false, + }, expected: "listen 443 ssl;\nlisten [::]:443 ssl;\n"}, 
+ {server: Server{ + CustomListeners: false, + DisableIPV6: true, + ProxyProtocol: true, + }, expected: "listen 443 ssl proxy_protocol;\n"}, + {server: Server{ + CustomListeners: false, + DisableIPV6: false, + ProxyProtocol: true, + }, expected: "listen 443 ssl proxy_protocol;\nlisten [::]:443 ssl proxy_protocol;\n"}, + {server: Server{ + CustomListeners: true, + HTTPSPort: 444, + DisableIPV6: true, + ProxyProtocol: false, + }, expected: "listen 444 ssl;\n"}, + {server: Server{ + CustomListeners: true, + HTTPSPort: 444, + DisableIPV6: false, + ProxyProtocol: false, + }, expected: "listen 444 ssl;\nlisten [::]:444 ssl;\n"}, + {server: Server{ + CustomListeners: true, + HTTPSPort: 444, + DisableIPV6: true, + ProxyProtocol: true, + }, expected: "listen 444 ssl proxy_protocol;\n"}, + {server: Server{ + CustomListeners: true, + HTTPSPort: 444, + DisableIPV6: false, + ProxyProtocol: true, + }, expected: "listen 444 ssl proxy_protocol;\nlisten [::]:444 ssl proxy_protocol;\n"}, + } + for _, tc := range testCases { + var got = makeHTTPSListener(tc.server) + if got != tc.expected { + t.Errorf("Function generated wrong config, got %v but expected %v.", got, tc.expected) + } + } +} + func newContainsTemplate(t *testing.T) *template.Template { t.Helper() tmpl, err := template.New("testTemplate").Funcs(helperFunctions).Parse(`{{contains .InputString .Substring}}`) From 061b94193adad4bd21573bb6f485f49cbab94750 Mon Sep 17 00:00:00 2001 From: Jim Ryan Date: Tue, 21 Nov 2023 17:28:40 +0000 Subject: [PATCH 02/10] fix test --- internal/configs/version2/template_helper.go | 26 +++++++++---------- .../configs/version2/template_helper_test.go | 10 ++++--- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/internal/configs/version2/template_helper.go b/internal/configs/version2/template_helper.go index 4f63cd8833..14e4788849 100644 --- a/internal/configs/version2/template_helper.go +++ b/internal/configs/version2/template_helper.go 
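Review bot: Both new tests report mismatches with `%v`, which hides the whitespace these strings are made of (a stray space or newline prints as two visually identical lines); `t.Errorf("Function generated wrong config, got %q but expected %q.", got, tc.expected)` shows the difference. Neither table covers `CustomListeners: true` with the relevant port left at 0, the one branch of `makeListener` that returns `""` and silently drops the listener; a case such as `{server: Server{CustomListeners: true}, expected: ""}` in each table would pin that behaviour. `TestMakeHTTPSListener` also drops the blank line before its `for` loop that `TestMakeHTTPListener` has; keeping the two tables parallel makes them easier to compare.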
@@ -9,8 +9,8 @@ import ( type ListenerType int const ( - HTTP ListenerType = iota - HTTPS + http ListenerType = iota + https ) func headerListToCIMap(headers []Header) map[string]string { @@ -33,9 +33,9 @@ func makeListener(listenerType ListenerType, s Server) string { if !s.CustomListeners { directives += "listen" - if listenerType == HTTP { + if listenerType == http { directives += " 80" - } else if listenerType == HTTPS { + } else if listenerType == https { directives += " 443 ssl" } if s.ProxyProtocol { @@ -45,9 +45,9 @@ func makeListener(listenerType ListenerType, s Server) string { if !s.DisableIPV6 { directives += "listen [::]:" - if listenerType == HTTP { + if listenerType == http { directives += "80" - } else if listenerType == HTTPS { + } else if listenerType == https { directives += "443 ssl" } if s.ProxyProtocol { @@ -56,11 +56,11 @@ func makeListener(listenerType ListenerType, s Server) string { directives += ";\n" } } else { - if listenerType == HTTP && s.HTTPPort > 0 || listenerType == HTTPS && s.HTTPSPort > 0 { + if listenerType == http && s.HTTPPort > 0 || listenerType == https && s.HTTPSPort > 0 { directives += "listen" - if listenerType == HTTP { + if listenerType == http { directives += " " + strconv.Itoa(s.HTTPPort) - } else if listenerType == HTTPS { + } else if listenerType == https { directives += " " + strconv.Itoa(s.HTTPSPort) + " ssl" } @@ -71,9 +71,9 @@ func makeListener(listenerType ListenerType, s Server) string { if !s.DisableIPV6 { directives += "listen [::]:" - if listenerType == HTTP { + if listenerType == http { directives += strconv.Itoa(s.HTTPPort) - } else if listenerType == HTTPS { + } else if listenerType == https { directives += strconv.Itoa(s.HTTPSPort) + " ssl" } if s.ProxyProtocol { 
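Review bot: Renaming the constants to `http` and `https` claims package-level identifiers that `net/http` normally occupies as an import name; Go forbids declaring the same identifier in a file block (imports) and the package block, so any file in package version2 that imports `net/http` now or later would stop compiling with a redeclaration error. Names that say what they are, e.g. `protocolHTTP`/`protocolHTTPS`, avoid the collision while staying unexported. The same identifiers are used in the later hunks of this file and in the `makeHTTPListener`/`makeHTTPSListener` wrappers, so the rename would touch those too.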
@@ -88,11 +88,11 @@ func makeListener(listenerType ListenerType, s Server) string { } func makeHTTPListener(s Server) string { - return makeListener(HTTP, s) + return makeListener(http, s) } func makeHTTPSListener(s Server) string { - return makeListener(HTTPS, s) + return makeListener(https, s) } var helperFunctions = template.FuncMap{ diff --git a/internal/configs/version2/template_helper_test.go b/internal/configs/version2/template_helper_test.go index f4297a4543..17a0f7ec53 100644 --- a/internal/configs/version2/template_helper_test.go +++ b/internal/configs/version2/template_helper_test.go @@ -123,12 +123,14 @@ func TestToUpperInputString(t *testing.T) { t.Parallel() tmpl := newToUpperTemplate(t) - testCases := []struct { - server Server - expected string + InputString string + expected string }{ - {server: Server{}, expected: "FOOBAR"}, + {InputString: "foobar", expected: "FOOBAR"}, + {InputString: "FOOBAR", expected: "FOOBAR"}, + {InputString: "fOoBaR", expected: "FOOBAR"}, + {InputString: "", expected: ""}, } for _, tc := range testCases { From e961f23b952c70da4184bdf12e061ed3e20d66f4 Mon Sep 17 00:00:00 2001 From: Jim Ryan Date: Tue, 21 Nov 2023 17:44:58 +0000 Subject: [PATCH 03/10] reduce cyclomatic complexity --- internal/configs/version2/template_helper.go | 124 +++++++++++-------- 1 file changed, 74 insertions(+), 50 deletions(-) diff --git a/internal/configs/version2/template_helper.go b/internal/configs/version2/template_helper.go index 14e4788849..c034615e6c 100644 --- a/internal/configs/version2/template_helper.go +++ b/internal/configs/version2/template_helper.go @@ -6,13 +6,20 @@ import ( "text/template" ) -type ListenerType int +type Protocol int const ( - http ListenerType = iota + http Protocol = iota https ) +type ListenType int + +const ( + ipv4 ListenType = iota + ipv6 +) + func headerListToCIMap(headers []Header) map[string]string { ret := make(map[string]string) 
@@ -28,65 +35,82 @@ func hasCIKey(key string, d map[string]string) bool { return ok } -func makeListener(listenerType ListenerType, s Server) string { +func makeListener(listenerType Protocol, s Server) string { var directives string if !s.CustomListeners { - directives += "listen" - if listenerType == http { - directives += " 80" - } else if listenerType == https { - directives += " 443 ssl" - } - if s.ProxyProtocol { - directives += " proxy_protocol" - } - directives += ";\n" + directives += buildDefaultListenerDirectives(listenerType, s) + } else { + directives += buildCustomListenerDirectives(listenerType, s) + } + + return directives +} + +func buildDefaultListenerDirectives(listenerType Protocol, s Server) string { + var directives string + port := getDefaultPort(listenerType) + + directives += buildListenDirective(port, s.ProxyProtocol, ipv4) + + if !s.DisableIPV6 { + directives += buildListenDirective(port, s.ProxyProtocol, ipv6) + } + + return directives +} + +func buildCustomListenerDirectives(listenerType Protocol, s Server) string { + var directives string + + if (listenerType == http && s.HTTPPort > 0) || (listenerType == https && s.HTTPSPort > 0) { + port := getCustomPort(listenerType, s) + directives += buildListenDirective(port, s.ProxyProtocol, ipv4) if !s.DisableIPV6 { - directives += "listen [::]:" - if listenerType == http { - directives += "80" - } else if listenerType == https { - directives += "443 ssl" - } - if s.ProxyProtocol { - directives += " proxy_protocol" - } - directives += ";\n" - } - } else { - if listenerType == http && s.HTTPPort > 0 || listenerType == https && s.HTTPSPort > 0 { - directives += "listen" - if listenerType == http { - directives += " " + strconv.Itoa(s.HTTPPort) - } else if listenerType == https { - directives += " " + strconv.Itoa(s.HTTPSPort) + " ssl" - } - - if s.ProxyProtocol { - directives += " proxy_protocol" - } - directives += ";\n" - - if !s.DisableIPV6 { - directives += "listen [::]:" - if listenerType == 
http { - directives += strconv.Itoa(s.HTTPPort) - } else if listenerType == https { - directives += strconv.Itoa(s.HTTPSPort) + " ssl" - } - if s.ProxyProtocol { - directives += " proxy_protocol" - } - directives += ";\n" - } + directives += buildListenDirective(port, s.ProxyProtocol, ipv6) } } return directives } +func getDefaultPort(listenerType Protocol) string { + if listenerType == http { + return "80" + } else if listenerType == https { + return "443 ssl" + } + return "" +} + +func getCustomPort(listenerType Protocol, s Server) string { + if listenerType == http { + return strconv.Itoa(s.HTTPPort) + } else if listenerType == https { + return strconv.Itoa(s.HTTPSPort) + " ssl" + } + return "" +} + +func buildListenDirective(port string, proxyProtocol bool, listenType ListenType) string { + base := "listen" + var directive string + + if listenType == ipv6 { + directive = base + " [::]:" + port + } else { + directive = base + " " + port + } + + if proxyProtocol { + directive += " proxy_protocol" + } + + directive += ";\n" + return directive +} + func makeHTTPListener(s Server) string { return makeListener(http, s) } From 9bcd4327b33a86b2946bdc015f3370b759957770 Mon Sep 17 00:00:00 2001 From: Jim Ryan Date: Tue, 21 Nov 2023 17:48:23 +0000 Subject: [PATCH 04/10] gofumpt and unexport enums --- internal/configs/version2/template_helper.go | 20 +++++++++---------- .../configs/version2/template_helper_test.go | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/internal/configs/version2/template_helper.go b/internal/configs/version2/template_helper.go index c034615e6c..6e0ebf2fa4 100644 --- a/internal/configs/version2/template_helper.go +++ b/internal/configs/version2/template_helper.go @@ -6,17 +6,17 @@ import ( "text/template" ) -type Protocol int +type protocol int const ( - http Protocol = iota + http protocol = iota https ) -type ListenType int +type listenerType int const ( - ipv4 ListenType = iota + ipv4 listenerType = iota ipv6 ) 
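Review bot: `getDefaultPort` and `getCustomPort` return a string that is not a port but the tail of a listen directive (`"443 ssl"`), and `buildListenDirective` names that argument `port` as well, so the `ssl` parameter is hidden inside a value called port. Returning the numeric port plus a separate `ssl bool` (or at least naming the value `listenArgs`) would also let `buildCustomListenerDirectives` drop its duplicated protocol/port test: `port := customPort(listenerType, s); if port <= 0 { return "" }`. The `get` prefix is non-idiomatic Go; `defaultPort`/`customPort` read better. The fall-through `return ""` paths would yield a bare `listen ;` line if another `Protocol` value were ever added, so a doc comment on `Protocol` stating that only `http` and `https` are valid is worth adding.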
@@ -35,7 +35,7 @@ func hasCIKey(key string, d map[string]string) bool { return ok } -func makeListener(listenerType Protocol, s Server) string { +func makeListener(listenerType protocol, s Server) string { var directives string if !s.CustomListeners { @@ -47,7 +47,7 @@ func makeListener(listenerType Protocol, s Server) string { return directives } -func buildDefaultListenerDirectives(listenerType Protocol, s Server) string { +func buildDefaultListenerDirectives(listenerType protocol, s Server) string { var directives string port := getDefaultPort(listenerType) @@ -60,7 +60,7 @@ func buildDefaultListenerDirectives(listenerType Protocol, s Server) string { return directives } -func buildCustomListenerDirectives(listenerType Protocol, s Server) string { +func buildCustomListenerDirectives(listenerType protocol, s Server) string { var directives string if (listenerType == http && s.HTTPPort > 0) || (listenerType == https && s.HTTPSPort > 0) { @@ -75,7 +75,7 @@ func buildCustomListenerDirectives(listenerType Protocol, s Server) string { return directives } -func getDefaultPort(listenerType Protocol) string { +func getDefaultPort(listenerType protocol) string { if listenerType == http { return "80" } else if listenerType == https { @@ -84,7 +84,7 @@ func getDefaultPort(listenerType Protocol) string { return "" } -func getCustomPort(listenerType Protocol, s Server) string { +func getCustomPort(listenerType protocol, s Server) string { if listenerType == http { return strconv.Itoa(s.HTTPPort) } else if listenerType == https { @@ -93,7 +93,7 @@ func getCustomPort(listenerType Protocol, s Server) string { return "" } -func buildListenDirective(port string, proxyProtocol bool, listenType ListenType) string { +func buildListenDirective(port string, proxyProtocol bool, listenType listenerType) string { base := "listen" var directive string 
diff --git a/internal/configs/version2/template_helper_test.go b/internal/configs/version2/template_helper_test.go index 17a0f7ec53..3fa0857093 100644 --- a/internal/configs/version2/template_helper_test.go +++ b/internal/configs/version2/template_helper_test.go @@ -199,7 +199,7 @@ func TestMakeHTTPListener(t *testing.T) { } for _, tc := range testCases { - var got = makeHTTPListener(tc.server) + got := makeHTTPListener(tc.server) if got != tc.expected { t.Errorf("Function generated wrong config, got %v but expected %v.", got, tc.expected) } @@ -259,7 +259,7 @@ func TestMakeHTTPSListener(t *testing.T) { }, expected: "listen 444 ssl proxy_protocol;\nlisten [::]:444 ssl proxy_protocol;\n"}, } for _, tc := range testCases { - var got = makeHTTPSListener(tc.server) + got := makeHTTPSListener(tc.server) if got != tc.expected { t.Errorf("Function generated wrong config, got %v but expected %v.", got, tc.expected) } From 669f1dcc459fd42d034bf7caca3ceb915f9ea88d Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 21 Nov 2023 17:57:24 +0000 Subject: [PATCH 05/10] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- internal/configs/version2/nginx-plus.virtualserver.tmpl | 6 +++--- internal/configs/version2/nginx.virtualserver.tmpl | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/configs/version2/nginx-plus.virtualserver.tmpl b/internal/configs/version2/nginx-plus.virtualserver.tmpl index 72190d09b5..1197d513b6 100644 --- a/internal/configs/version2/nginx-plus.virtualserver.tmpl +++ b/internal/configs/version2/nginx-plus.virtualserver.tmpl 
@@ -65,8 +65,8 @@ proxy_cache_path /var/cache/nginx/jwks_uri_{{$s.VSName}} levels=1 keys_zone=jwks server { {{ if $s.Gunzip }}gunzip on;{{end}} - {{ makeHTTPListener $s | printf }} - + {{ makeHTTPListener $s | printf }} + server_name {{ $s.ServerName }}; status_zone {{ $s.StatusZone }}; set $resource_type "virtualserver"; @@ -97,7 +97,7 @@ server { set_real_ip_from unix:; real_ip_header proxy_protocol; {{ else }} - {{ makeHTTPSListener $s | printf }} + {{ makeHTTPSListener $s | printf }} {{ end }} {{ if $ssl.HTTP2 }} http2 on; diff --git a/internal/configs/version2/nginx.virtualserver.tmpl b/internal/configs/version2/nginx.virtualserver.tmpl index 7bc0f45d45..b74c53524d 100644 --- a/internal/configs/version2/nginx.virtualserver.tmpl +++ b/internal/configs/version2/nginx.virtualserver.tmpl @@ -42,8 +42,8 @@ limit_req_zone {{ $z.Key }} zone={{ $z.ZoneName }}:{{ $z.ZoneSize }} rate={{ $z. {{ $s := .Server }} server { {{ if $s.Gunzip }}gunzip on;{{end}} - - {{ makeHTTPListener $s | printf }} + + {{ makeHTTPListener $s | printf }} server_name {{ $s.ServerName }}; @@ -59,7 +59,7 @@ server { set_real_ip_from unix:; real_ip_header proxy_protocol; {{ else }} - {{ makeHTTPSListener $s | printf }} + {{ makeHTTPSListener $s | printf }} {{ end }} {{ if $ssl.HTTP2 }} http2 on; From 61ab1610ac58287ad9850ab2ecaef2f5f10669ae Mon Sep 17 00:00:00 2001 From: Jim Ryan Date: Thu, 23 Nov 2023 09:33:36 +0000 Subject: [PATCH 06/10] reduce code paths --- internal/configs/version2/template_helper.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/internal/configs/version2/template_helper.go b/internal/configs/version2/template_helper.go index 6e0ebf2fa4..7c73b572f8 100644 --- a/internal/configs/version2/template_helper.go +++ b/internal/configs/version2/template_helper.go 
@@ -78,19 +78,17 @@ func buildCustomListenerDirectives(listenerType protocol, s Server) string { func getDefaultPort(listenerType protocol) string { if listenerType == http { return "80" - } else if listenerType == https { + } else { return "443 ssl" } - return "" } func getCustomPort(listenerType protocol, s Server) string { if listenerType == http { return strconv.Itoa(s.HTTPPort) - } else if listenerType == https { + } else { return strconv.Itoa(s.HTTPSPort) + " ssl" } - return "" } func buildListenDirective(port string, proxyProtocol bool, listenType listenerType) string { From e9d01c97847969df74e39c1f9768a835609589cd Mon Sep 17 00:00:00 2001 From: Jim Ryan Date: Thu, 23 Nov 2023 09:38:29 +0000 Subject: [PATCH 07/10] fix lint --- internal/configs/version2/template_helper.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/internal/configs/version2/template_helper.go b/internal/configs/version2/template_helper.go index 7c73b572f8..e058451e6c 100644 --- a/internal/configs/version2/template_helper.go +++ b/internal/configs/version2/template_helper.go @@ -78,17 +78,15 @@ func buildCustomListenerDirectives(listenerType protocol, s Server) string { func getDefaultPort(listenerType protocol) string { if listenerType == http { return "80" - } else { - return "443 ssl" } + return "443 ssl" } func getCustomPort(listenerType protocol, s Server) string { if listenerType == http { return strconv.Itoa(s.HTTPPort) - } else { - return strconv.Itoa(s.HTTPSPort) + " ssl" } + return strconv.Itoa(s.HTTPSPort) + " ssl" } func buildListenDirective(port string, proxyProtocol bool, listenType listenerType) string { From f64440779bbf43ca6243557d2928cdeb4db986ac Mon Sep 17 00:00:00 2001 
From: Jim Ryan Date: Fri, 24 Nov 2023 12:26:08 +0000 Subject: [PATCH 08/10] fix formatting --- internal/configs/version2/nginx-plus.virtualserver.tmpl | 2 +- internal/configs/version2/nginx.virtualserver.tmpl | 2 +- internal/configs/version2/template_helper.go | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/internal/configs/version2/nginx-plus.virtualserver.tmpl b/internal/configs/version2/nginx-plus.virtualserver.tmpl index 1197d513b6..ce5486b08d 100644 --- a/internal/configs/version2/nginx-plus.virtualserver.tmpl +++ b/internal/configs/version2/nginx-plus.virtualserver.tmpl @@ -97,7 +97,7 @@ server { set_real_ip_from unix:; real_ip_header proxy_protocol; {{ else }} - {{ makeHTTPSListener $s | printf }} + {{ makeHTTPSListener $s | printf }} {{ end }} {{ if $ssl.HTTP2 }} http2 on; diff --git a/internal/configs/version2/nginx.virtualserver.tmpl b/internal/configs/version2/nginx.virtualserver.tmpl index b74c53524d..dce1d0f518 100644 --- a/internal/configs/version2/nginx.virtualserver.tmpl +++ b/internal/configs/version2/nginx.virtualserver.tmpl @@ -59,7 +59,7 @@ server { set_real_ip_from unix:; real_ip_header proxy_protocol; {{ else }} - {{ makeHTTPSListener $s | printf }} + {{ makeHTTPSListener $s | printf }} {{ end }} {{ if $ssl.HTTP2 }} http2 on; diff --git a/internal/configs/version2/template_helper.go b/internal/configs/version2/template_helper.go index e058451e6c..c09e26a9ce 100644 --- a/internal/configs/version2/template_helper.go +++ b/internal/configs/version2/template_helper.go @@ -20,6 +20,8 @@ const ( ipv6 ) +const spacing = " " + func headerListToCIMap(headers []Header) map[string]string { ret := make(map[string]string) @@ -54,6 +56,7 @@ func buildDefaultListenerDirectives(listenerType protocol, s Server) string { directives += buildListenDirective(port, s.ProxyProtocol, ipv4) if !s.DisableIPV6 { + directives += spacing directives += buildListenDirective(port, s.ProxyProtocol, ipv6) } 
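Review bot: `spacing` bakes the template's indentation into the Go helper: `buildDefaultListenerDirectives` here and `buildCustomListenerDirectives` in the next hunk prefix only the IPv6 line with it, so the first `listen` is indented by the template and the second by the constant, and the two drift apart as soon as either the template's indent or the number of directives changes. Keeping layout in the template is simpler: have the helper return a `[]string` that the template ranges over, emitting one indented line per directive, or join with `"\n"` and rely on `{{-` trimming at the call site. If the constant stays, a name that says what it is (`listenIndent`) and a comment tying its width to the `server {` block indentation in nginx.virtualserver.tmpl and nginx-plus.virtualserver.tmpl would help, since nothing in the Go code explains why a run of spaces is emitted.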
@@ -68,6 +71,7 @@ func buildCustomListenerDirectives(listenerType protocol, s Server) string { directives += buildListenDirective(port, s.ProxyProtocol, ipv4) if !s.DisableIPV6 { + directives += spacing directives += buildListenDirective(port, s.ProxyProtocol, ipv6) } } From 6dcec4a5a24ab9519ce51cd25bb37bbfba164794 Mon Sep 17 00:00:00 2001 From: Jim Ryan Date: Fri, 24 Nov 2023 12:48:22 +0000 Subject: [PATCH 09/10] fix tests with spacing --- .../configs/version2/template_helper_test.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/internal/configs/version2/template_helper_test.go b/internal/configs/version2/template_helper_test.go index 3fa0857093..a96855e792 100644 --- a/internal/configs/version2/template_helper_test.go +++ b/internal/configs/version2/template_helper_test.go @@ -161,7 +161,7 @@ func TestMakeHTTPListener(t *testing.T) { CustomListeners: false, DisableIPV6: false, ProxyProtocol: false, - }, expected: "listen 80;\nlisten [::]:80;\n"}, + }, expected: "listen 80;\n listen [::]:80;\n"}, {server: Server{ CustomListeners: false, DisableIPV6: true, @@ -171,7 +171,7 @@ func TestMakeHTTPListener(t *testing.T) { CustomListeners: false, DisableIPV6: false, ProxyProtocol: true, - }, expected: "listen 80 proxy_protocol;\nlisten [::]:80 proxy_protocol;\n"}, + }, expected: "listen 80 proxy_protocol;\n listen [::]:80 proxy_protocol;\n"}, {server: Server{ CustomListeners: true, HTTPPort: 81, @@ -183,7 +183,7 @@ func TestMakeHTTPListener(t *testing.T) { HTTPPort: 81, DisableIPV6: false, ProxyProtocol: false, - }, expected: "listen 81;\nlisten [::]:81;\n"}, + }, expected: "listen 81;\n listen [::]:81;\n"}, {server: Server{ CustomListeners: true, HTTPPort: 81, 
@@ -195,7 +195,7 @@ func TestMakeHTTPListener(t *testing.T) { HTTPPort: 81, DisableIPV6: false, ProxyProtocol: true, - }, expected: "listen 81 proxy_protocol;\nlisten [::]:81 proxy_protocol;\n"}, + }, expected: "listen 81 proxy_protocol;\n listen [::]:81 proxy_protocol;\n"}, } for _, tc := range testCases { @@ -222,7 +222,7 @@ func TestMakeHTTPSListener(t *testing.T) { CustomListeners: false, DisableIPV6: false, ProxyProtocol: false, - }, expected: "listen 443 ssl;\nlisten [::]:443 ssl;\n"}, + }, expected: "listen 443 ssl;\n listen [::]:443 ssl;\n"}, {server: Server{ CustomListeners: false, DisableIPV6: true, @@ -232,7 +232,7 @@ func TestMakeHTTPSListener(t *testing.T) { CustomListeners: false, DisableIPV6: false, ProxyProtocol: true, - }, expected: "listen 443 ssl proxy_protocol;\nlisten [::]:443 ssl proxy_protocol;\n"}, + }, expected: "listen 443 ssl proxy_protocol;\n listen [::]:443 ssl proxy_protocol;\n"}, {server: Server{ CustomListeners: true, HTTPSPort: 444, @@ -244,7 +244,7 @@ func TestMakeHTTPSListener(t *testing.T) { HTTPSPort: 444, DisableIPV6: false, ProxyProtocol: false, - }, expected: "listen 444 ssl;\nlisten [::]:444 ssl;\n"}, + }, expected: "listen 444 ssl;\n listen [::]:444 ssl;\n"}, {server: Server{ CustomListeners: true, HTTPSPort: 444, @@ -256,7 +256,7 @@ func TestMakeHTTPSListener(t *testing.T) { HTTPSPort: 444, DisableIPV6: false, ProxyProtocol: true, - }, expected: "listen 444 ssl proxy_protocol;\nlisten [::]:444 ssl proxy_protocol;\n"}, + }, expected: "listen 444 ssl proxy_protocol;\n listen [::]:444 ssl proxy_protocol;\n"}, } for _, tc := range testCases { got := makeHTTPSListener(tc.server) From 8c23ebf9cbe3e320e8b899369b2c4ed8695c0de5 Mon Sep 17 00:00:00 2001 From: Jim Ryan Date: Sun, 26 Nov 2023 12:56:03 +0000 Subject: [PATCH 10/10] merge main --- internal/configs/version2/nginx-plus.virtualserver.tmpl | 1 - internal/configs/version2/nginx.virtualserver.tmpl | 7 +------ 2 files changed, 1 insertion(+), 7 deletions(-) 
diff --git a/internal/configs/version2/nginx-plus.virtualserver.tmpl b/internal/configs/version2/nginx-plus.virtualserver.tmpl index d4f69881c2..5a7f512c92 100644 --- a/internal/configs/version2/nginx-plus.virtualserver.tmpl +++ b/internal/configs/version2/nginx-plus.virtualserver.tmpl @@ -101,7 +101,6 @@ server { {{- end }} {{- if $ssl.HTTP2 }} http2 on; -<<<<<<< HEAD {{- end }} {{- if $ssl.RejectHandshake }} diff --git a/internal/configs/version2/nginx.virtualserver.tmpl b/internal/configs/version2/nginx.virtualserver.tmpl index a03667123c..4d5811e725 100644 --- a/internal/configs/version2/nginx.virtualserver.tmpl +++ b/internal/configs/version2/nginx.virtualserver.tmpl @@ -42,7 +42,6 @@ limit_req_zone {{ $z.Key }} zone={{ $z.ZoneName }}:{{ $z.ZoneSize }} rate={{ $z. {{- $s := .Server }} server { {{- if $s.Gunzip }}gunzip on;{{end}} - {{ makeHTTPListener $s | printf }} server_name {{ $s.ServerName }}; @@ -51,9 +50,6 @@ server { set $resource_name "{{$s.VSName}}"; set $resource_namespace "{{$s.VSNamespace}}"; - - - {{- with $ssl := $s.SSL }} {{- if $s.TLSPassthrough }} listen unix:/var/lib/nginx/passthrough-https.sock proxy_protocol; @@ -64,8 +60,7 @@ server { {{- end }} {{- if $ssl.HTTP2 }} http2 on; - {{- end }} - + {{- end }} {{- if $ssl.RejectHandshake }} ssl_reject_handshake on;
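Review bot: The nginx.virtualserver.tmpl hunk removes `{{ makeHTTPListener $s | printf }}` right after the `gunzip` line and adds nothing in its place, so within this hunk the OSS `server` block keeps no HTTP `listen` directive at all while the nginx-plus template keeps its call; unless a second copy of the call survives outside the hunk (a merge duplicate this commit is deduplicating), the feature is silently reverted for the OSS template and nginx falls back to its default listen port. Worth checking the merged file rather than the diff. The nginx-plus hunk removes a leftover `<<<<<<< HEAD` marker; its `=======`/`>>>>>>>` counterparts are not in the hunk, so confirm they are not still present elsewhere in that template, where they would surface as a parse error in any template-rendering test.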