Merge branch 'master' into server-alias
commit
47e4dd59a8
157 changed files with 26072 additions and 489 deletions
|
|
@ -17,7 +17,6 @@ limitations under the License.
|
|||
package ipwhitelist
|
||||
|
||||
import (
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
api "k8s.io/api/core/v1"
|
||||
|
|
@ -26,7 +25,6 @@ import (
|
|||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
|
||||
"k8s.io/ingress/core/pkg/ingress/defaults"
|
||||
"k8s.io/ingress/core/pkg/ingress/errors"
|
||||
)
|
||||
|
||||
func buildIngress() *extensions.Ingress {
|
||||
|
|
@ -73,157 +71,118 @@ func (m mockBackend) GetDefaultBackend() defaults.Backend {
|
|||
}
|
||||
|
||||
func TestParseAnnotations(t *testing.T) {
|
||||
// TODO: convert test cases to tables
|
||||
ing := buildIngress()
|
||||
|
||||
testNet := "10.0.0.0/24"
|
||||
enet := []string{testNet}
|
||||
|
||||
data := map[string]string{}
|
||||
data[whitelist] = testNet
|
||||
ing.SetAnnotations(data)
|
||||
|
||||
expected := &SourceRange{
|
||||
CIDR: enet,
|
||||
tests := map[string]struct {
|
||||
net string
|
||||
expectCidr []string
|
||||
expectErr bool
|
||||
errOut string
|
||||
}{
|
||||
"test parse a valid net": {
|
||||
net: "10.0.0.0/24",
|
||||
expectCidr: []string{"10.0.0.0/24"},
|
||||
expectErr: false,
|
||||
},
|
||||
"test parse a invalid net": {
|
||||
net: "ww",
|
||||
expectErr: true,
|
||||
errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ww",
|
||||
},
|
||||
"test parse a empty net": {
|
||||
net: "",
|
||||
expectErr: true,
|
||||
errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ",
|
||||
},
|
||||
"test parse multiple valid cidr": {
|
||||
net: "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24",
|
||||
expectCidr: []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"},
|
||||
expectErr: false,
|
||||
},
|
||||
}
|
||||
|
||||
p := NewParser(mockBackend{})
|
||||
|
||||
i, err := p.Parse(ing)
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error: %v", err)
|
||||
}
|
||||
sr, ok := i.(*SourceRange)
|
||||
if !ok {
|
||||
t.Errorf("expected a SourceRange type")
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(sr, expected) {
|
||||
t.Errorf("expected %v but returned %s", sr, expected)
|
||||
}
|
||||
|
||||
data[whitelist] = "www"
|
||||
_, err = p.Parse(ing)
|
||||
if err == nil {
|
||||
t.Errorf("expected error parsing an invalid cidr")
|
||||
}
|
||||
|
||||
if !errors.IsLocationDenied(err) {
|
||||
t.Errorf("expected LocationDenied error: %+v", err)
|
||||
}
|
||||
|
||||
delete(data, whitelist)
|
||||
i, err = p.Parse(ing)
|
||||
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error when no annotation present: %v", err)
|
||||
}
|
||||
|
||||
sr, ok = i.(*SourceRange)
|
||||
if !ok {
|
||||
t.Errorf("expected a SourceRange type")
|
||||
}
|
||||
if !strsEquals(sr.CIDR, []string{}) {
|
||||
t.Errorf("expected empty CIDR but %v returned", sr.CIDR)
|
||||
}
|
||||
|
||||
i, _ = p.Parse(&extensions.Ingress{})
|
||||
sr, ok = i.(*SourceRange)
|
||||
if !ok {
|
||||
t.Errorf("expected a SourceRange type")
|
||||
}
|
||||
if !strsEquals(sr.CIDR, []string{}) {
|
||||
t.Errorf("expected empty CIDR but %v returned", sr.CIDR)
|
||||
}
|
||||
|
||||
data[whitelist] = "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24"
|
||||
i, _ = p.Parse(ing)
|
||||
sr, ok = i.(*SourceRange)
|
||||
if !ok {
|
||||
t.Errorf("expected a SourceRange type")
|
||||
}
|
||||
ecidr := []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"}
|
||||
if !strsEquals(sr.CIDR, ecidr) {
|
||||
t.Errorf("Expected %v CIDR but %v returned", ecidr, sr.CIDR)
|
||||
for testName, test := range tests {
|
||||
data := map[string]string{}
|
||||
data[whitelist] = test.net
|
||||
ing.SetAnnotations(data)
|
||||
p := NewParser(mockBackend{})
|
||||
i, err := p.Parse(ing)
|
||||
if err != nil && !test.expectErr {
|
||||
t.Errorf("%v:unexpected error: %v", testName, err)
|
||||
}
|
||||
if test.expectErr {
|
||||
if err.Error() != test.errOut {
|
||||
t.Errorf("%v:expected error: %v but %v return", testName, test.errOut, err.Error())
|
||||
}
|
||||
}
|
||||
if !test.expectErr {
|
||||
sr, ok := i.(*SourceRange)
|
||||
if !ok {
|
||||
t.Errorf("%v:expected a SourceRange type", testName)
|
||||
}
|
||||
if !strsEquals(sr.CIDR, test.expectCidr) {
|
||||
t.Errorf("%v:expected %v CIDR but %v returned", testName, test.expectCidr, sr.CIDR)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Test that when we have a whitelist set on the Backend that is used when we
|
||||
// don't have the annotation
|
||||
func TestParseAnnotationsWithDefaultConfig(t *testing.T) {
|
||||
// TODO: convert test cases to tables
|
||||
ing := buildIngress()
|
||||
|
||||
mockBackend := mockBackend{}
|
||||
mockBackend.Backend.WhitelistSourceRange = []string{"4.4.4.0/24", "1.2.3.4/32"}
|
||||
testNet := "10.0.0.0/24"
|
||||
enet := []string{testNet}
|
||||
|
||||
data := map[string]string{}
|
||||
data[whitelist] = testNet
|
||||
ing.SetAnnotations(data)
|
||||
|
||||
expected := &SourceRange{
|
||||
CIDR: enet,
|
||||
tests := map[string]struct {
|
||||
net string
|
||||
expectCidr []string
|
||||
expectErr bool
|
||||
errOut string
|
||||
}{
|
||||
"test parse a valid net": {
|
||||
net: "10.0.0.0/24",
|
||||
expectCidr: []string{"10.0.0.0/24"},
|
||||
expectErr: false,
|
||||
},
|
||||
"test parse a invalid net": {
|
||||
net: "ww",
|
||||
expectErr: true,
|
||||
errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ww",
|
||||
},
|
||||
"test parse a empty net": {
|
||||
net: "",
|
||||
expectErr: true,
|
||||
errOut: "the annotation does not contain a valid IP address or network: invalid CIDR address: ",
|
||||
},
|
||||
"test parse multiple valid cidr": {
|
||||
net: "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24",
|
||||
expectCidr: []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"},
|
||||
expectErr: false,
|
||||
},
|
||||
}
|
||||
|
||||
p := NewParser(mockBackend)
|
||||
|
||||
i, err := p.Parse(ing)
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error: %v", err)
|
||||
}
|
||||
sr, ok := i.(*SourceRange)
|
||||
if !ok {
|
||||
t.Errorf("expected a SourceRange type")
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(sr, expected) {
|
||||
t.Errorf("expected %v but returned %s", sr, expected)
|
||||
}
|
||||
|
||||
data[whitelist] = "www"
|
||||
_, err = p.Parse(ing)
|
||||
if err == nil {
|
||||
t.Errorf("expected error parsing an invalid cidr")
|
||||
}
|
||||
if !errors.IsLocationDenied(err) {
|
||||
t.Errorf("expected LocationDenied error: %+v", err)
|
||||
}
|
||||
|
||||
delete(data, whitelist)
|
||||
i, err = p.Parse(ing)
|
||||
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error when no annotation present: %v", err)
|
||||
}
|
||||
|
||||
sr, ok = i.(*SourceRange)
|
||||
if !ok {
|
||||
t.Errorf("expected a SourceRange type")
|
||||
}
|
||||
if !strsEquals(sr.CIDR, mockBackend.WhitelistSourceRange) {
|
||||
t.Errorf("expected fallback CIDR but %v returned", sr.CIDR)
|
||||
}
|
||||
|
||||
i, _ = p.Parse(&extensions.Ingress{})
|
||||
sr, ok = i.(*SourceRange)
|
||||
if !ok {
|
||||
t.Errorf("expected a SourceRange type")
|
||||
}
|
||||
if !strsEquals(sr.CIDR, mockBackend.WhitelistSourceRange) {
|
||||
t.Errorf("expected fallback CIDR but %v returned", sr.CIDR)
|
||||
}
|
||||
|
||||
data[whitelist] = "2.2.2.2/32,1.1.1.1/32,3.3.3.0/24"
|
||||
i, _ = p.Parse(ing)
|
||||
sr, ok = i.(*SourceRange)
|
||||
if !ok {
|
||||
t.Errorf("expected a SourceRange type")
|
||||
}
|
||||
ecidr := []string{"1.1.1.1/32", "2.2.2.2/32", "3.3.3.0/24"}
|
||||
if !strsEquals(sr.CIDR, ecidr) {
|
||||
t.Errorf("Expected %v CIDR but %v returned", ecidr, sr.CIDR)
|
||||
for testName, test := range tests {
|
||||
data := map[string]string{}
|
||||
data[whitelist] = test.net
|
||||
ing.SetAnnotations(data)
|
||||
p := NewParser(mockBackend)
|
||||
i, err := p.Parse(ing)
|
||||
if err != nil && !test.expectErr {
|
||||
t.Errorf("%v:unexpected error: %v", testName, err)
|
||||
}
|
||||
if test.expectErr {
|
||||
if err.Error() != test.errOut {
|
||||
t.Errorf("%v:expected error: %v but %v return", testName, test.errOut, err.Error())
|
||||
}
|
||||
}
|
||||
if !test.expectErr {
|
||||
sr, ok := i.(*SourceRange)
|
||||
if !ok {
|
||||
t.Errorf("%v:expected a SourceRange type", testName)
|
||||
}
|
||||
if !strsEquals(sr.CIDR, test.expectCidr) {
|
||||
t.Errorf("%v:expected %v CIDR but %v returned", testName, test.expectCidr, sr.CIDR)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
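Review bot: In the table-driven loop of TestParseAnnotations, the `expectErr` branch calls `err.Error()` without first checking that `err` is non-nil, so a regression that makes Parse accept an invalid CIDR would panic the test instead of reporting a failure; the same loop is repeated in TestParseAnnotationsWithDefaultConfig. Add `if err == nil { t.Fatalf("%v: expected an error but none was returned", testName) }` before the string comparison. The table also appears to drop the earlier assertions that an invalid value yields a LocationDenied error and that a missing annotation falls back to the backend's WhitelistSourceRange: every case sets the annotation, so the fallback described in the comment above TestParseAnnotationsWithDefaultConfig is no longer exercised. Those two behaviours decide whether the whitelist fails closed, so they are worth keeping as table cases.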
|
||||
|
||||
|
|
|
|||
|
|
@ -22,12 +22,15 @@ import (
|
|||
extensions "k8s.io/api/extensions/v1beta1"
|
||||
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/parser"
|
||||
"k8s.io/ingress/core/pkg/ingress/resolver"
|
||||
)
|
||||
|
||||
const (
|
||||
limitIP = "ingress.kubernetes.io/limit-connections"
|
||||
limitRPS = "ingress.kubernetes.io/limit-rps"
|
||||
limitRPM = "ingress.kubernetes.io/limit-rpm"
|
||||
limitIP = "ingress.kubernetes.io/limit-connections"
|
||||
limitRPS = "ingress.kubernetes.io/limit-rps"
|
||||
limitRPM = "ingress.kubernetes.io/limit-rpm"
|
||||
limitRATE = "ingress.kubernetes.io/limit-rate"
|
||||
limitRATEAFTER = "ingress.kubernetes.io/limit-rate-after"
|
||||
|
||||
// allow 5 times the specified limit as burst
|
||||
defBurst = 5
|
||||
|
|
@ -48,6 +51,10 @@ type RateLimit struct {
|
|||
RPS Zone `json:"rps"`
|
||||
|
||||
RPM Zone `json:"rpm"`
|
||||
|
||||
LimitRate int `json:"limit-rate"`
|
||||
|
||||
LimitRateAfter int `json:"limit-rate-after"`
|
||||
}
|
||||
|
||||
// Equal tests for equality between two RateLimit types
|
||||
|
|
@ -67,6 +74,12 @@ func (rt1 *RateLimit) Equal(rt2 *RateLimit) bool {
|
|||
if !(&rt1.RPS).Equal(&rt2.RPS) {
|
||||
return false
|
||||
}
|
||||
if rt1.LimitRate != rt2.LimitRate {
|
||||
return false
|
||||
}
|
||||
if rt1.LimitRateAfter != rt2.LimitRateAfter {
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
|
@ -106,16 +119,26 @@ func (z1 *Zone) Equal(z2 *Zone) bool {
|
|||
}
|
||||
|
||||
type ratelimit struct {
|
||||
backendResolver resolver.DefaultBackend
|
||||
}
|
||||
|
||||
// NewParser creates a new ratelimit annotation parser
|
||||
func NewParser() parser.IngressAnnotation {
|
||||
return ratelimit{}
|
||||
func NewParser(br resolver.DefaultBackend) parser.IngressAnnotation {
|
||||
return ratelimit{br}
|
||||
}
|
||||
|
||||
// ParseAnnotations parses the annotations contained in the ingress
|
||||
// rule used to rewrite the defined paths
|
||||
func (a ratelimit) Parse(ing *extensions.Ingress) (interface{}, error) {
|
||||
defBackend := a.backendResolver.GetDefaultBackend()
|
||||
lr, err := parser.GetIntAnnotation(limitRATE, ing)
|
||||
if err != nil {
|
||||
lr = defBackend.LimitRate
|
||||
}
|
||||
lra, err := parser.GetIntAnnotation(limitRATEAFTER, ing)
|
||||
if err != nil {
|
||||
lra = defBackend.LimitRateAfter
|
||||
}
|
||||
|
||||
rpm, _ := parser.GetIntAnnotation(limitRPM, ing)
|
||||
rps, _ := parser.GetIntAnnotation(limitRPS, ing)
|
||||
|
|
@ -123,9 +146,11 @@ func (a ratelimit) Parse(ing *extensions.Ingress) (interface{}, error) {
|
|||
|
||||
if rpm == 0 && rps == 0 && conn == 0 {
|
||||
return &RateLimit{
|
||||
Connections: Zone{},
|
||||
RPS: Zone{},
|
||||
RPM: Zone{},
|
||||
Connections: Zone{},
|
||||
RPS: Zone{},
|
||||
RPM: Zone{},
|
||||
LimitRate: lr,
|
||||
LimitRateAfter: lra,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
|
@ -150,5 +175,7 @@ func (a ratelimit) Parse(ing *extensions.Ingress) (interface{}, error) {
|
|||
Burst: rpm * defBurst,
|
||||
SharedSize: defSharedSize,
|
||||
},
|
||||
LimitRate: lr,
|
||||
LimitRateAfter: lra,
|
||||
}, nil
|
||||
}
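Review bot: In Parse, any error from `parser.GetIntAnnotation(limitRATE, ing)` and `parser.GetIntAnnotation(limitRATEAFTER, ing)` is treated as "annotation absent", and the parsed values get no range check, so a malformed value silently takes the backend default and a negative one is passed straight into RateLimit. These annotations are set by whoever can create the Ingress, so the guard is better written as `if err != nil || lr < 0 { lr = defBackend.LimitRate }`, and likewise for `lra`. How LimitRate and LimitRateAfter are rendered downstream is not visible here, and Parse's body continues outside these hunks. The doc comment above Parse still begins with `ParseAnnotations` and describes path rewriting; it should name the method, e.g. `// Parse reads the rate-limit annotations of the ingress rule.`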
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ import (
|
|||
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
"k8s.io/ingress/core/pkg/ingress/defaults"
|
||||
)
|
||||
|
||||
func buildIngress() *extensions.Ingress {
|
||||
|
|
@ -61,9 +62,19 @@ func buildIngress() *extensions.Ingress {
|
|||
}
|
||||
}
|
||||
|
||||
type mockBackend struct {
|
||||
}
|
||||
|
||||
func (m mockBackend) GetDefaultBackend() defaults.Backend {
|
||||
return defaults.Backend{
|
||||
LimitRateAfter: 0,
|
||||
LimitRate: 0,
|
||||
}
|
||||
}
|
||||
|
||||
func TestWithoutAnnotations(t *testing.T) {
|
||||
ing := buildIngress()
|
||||
_, err := NewParser().Parse(ing)
|
||||
_, err := NewParser(mockBackend{}).Parse(ing)
|
||||
if err != nil {
|
||||
t.Error("unexpected error with ingress without annotations")
|
||||
}
|
||||
|
|
@ -78,7 +89,7 @@ func TestBadRateLimiting(t *testing.T) {
|
|||
data[limitRPM] = "0"
|
||||
ing.SetAnnotations(data)
|
||||
|
||||
_, err := NewParser().Parse(ing)
|
||||
_, err := NewParser(mockBackend{}).Parse(ing)
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error with invalid limits (0)")
|
||||
}
|
||||
|
|
@ -87,9 +98,12 @@ func TestBadRateLimiting(t *testing.T) {
|
|||
data[limitIP] = "5"
|
||||
data[limitRPS] = "100"
|
||||
data[limitRPM] = "10"
|
||||
data[limitRATEAFTER] = "100"
|
||||
data[limitRATE] = "10"
|
||||
|
||||
ing.SetAnnotations(data)
|
||||
|
||||
i, err := NewParser().Parse(ing)
|
||||
i, err := NewParser(mockBackend{}).Parse(ing)
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error: %v", err)
|
||||
}
|
||||
|
|
@ -106,4 +120,10 @@ func TestBadRateLimiting(t *testing.T) {
|
|||
if rateLimit.RPM.Limit != 10 {
|
||||
t.Errorf("expected 10 in limit by rpm but %v was returend", rateLimit.RPM)
|
||||
}
|
||||
if rateLimit.LimitRateAfter != 100 {
|
||||
t.Errorf("expected 100 in limit by limitrateafter but %v was returend", rateLimit.LimitRateAfter)
|
||||
}
|
||||
if rateLimit.LimitRate != 10 {
|
||||
t.Errorf("expected 10 in limit by limitrate but %v was returend", rateLimit.LimitRate)
|
||||
}
|
||||
}
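Review bot: mockBackend.GetDefaultBackend returns `LimitRate: 0` and `LimitRateAfter: 0`, which are also the int zero values, so TestWithoutAnnotations cannot tell whether Parse actually used the backend defaults when the annotations are missing. A case with non-zero defaults, e.g. `defaults.Backend{LimitRateAfter: 50, LimitRate: 5}` (values constructed for the example), with assertions on `rateLimit.LimitRate` and `rateLimit.LimitRateAfter`, would pin the fallback path. TestWithoutAnnotations and TestBadRateLimiting continue outside the hunks shown.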
|
||||
|
|
|
|||