DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Maxmind Editions support

Browse source
This commit is contained in:
Maxim Pogozhiy 2020-03-16 14:26:33 +07:00
parent 130af33510
commit 78576a9bbc
7 changed files with 110 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

1
internal/ingress/controller/config/config.go
View file

@ -826,6 +826,7 @@ type TemplateConfig struct {
ListenPorts *ListenPorts
PublishService *apiv1.Service
EnableMetrics bool
MaxmindEditionFiles []string
PID string
StatusPath string

3
internal/ingress/controller/controller.go
View file

@ -98,7 +98,8 @@ type Configuration struct {
ValidationWebhookCertPath string
ValidationWebhookKeyPath string
GlobalExternalAuth *ngx_config.GlobalExternalAuth
GlobalExternalAuth *ngx_config.GlobalExternalAuth
MaxmindEditionFiles []string
}
// GetPublishService returns the Service used to set the load-balancer status of Ingresses.

12
internal/ingress/controller/nginx.go
View file

@ -615,12 +615,12 @@ func (n NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressC
ListenPorts: n.cfg.ListenPorts,
PublishService: n.GetPublishService(),
EnableMetrics: n.cfg.EnableMetrics,
HealthzURI: nginx.HealthPath,
PID: nginx.PID,
StatusPath: nginx.StatusPath,
StatusPort: nginx.StatusPort,
StreamPort: nginx.StreamPort,
MaxmindEditionFiles: n.cfg.MaxmindEditionFiles,
HealthzURI: nginx.HealthPath,
PID: nginx.PID,
StatusPath: nginx.StatusPath,
StatusPort: nginx.StatusPort,
StreamPort: nginx.StreamPort,
}
tc.Cfg.Checksum = ingressCfg.ConfigurationChecksum

60
internal/nginx/maxmind.go
View file

@ -30,12 +30,14 @@ import (
// MaxmindLicenseKey maxmind license key to download databases
var MaxmindLicenseKey = ""
// MaxmindEditionIDs maxmind editions (GeoLite2-City, GeoLite2-Country, GeoIP2-ISP, etc)
var MaxmindEditionIDs = ""
// MaxmindEditionFiles maxmind databases on disk
var MaxmindEditionFiles []string
const (
geoIPPath = "/etc/nginx/geoip"
geoLiteCityDB = "GeoLite2-City"
geoLiteASNDB = "GeoLite2-ASN"
geoIPPath = "/etc/nginx/geoip"
dbExtension = ".mmdb"
maxmindURL = "https://download.maxmind.com/app/geoip_download?license_key=%v&edition_id=%v&suffix=tar.gz"
@ -44,12 +46,10 @@ const (
// GeoLite2DBExists checks if the required databases for
// the GeoIP2 NGINX module are present in the filesystem
func GeoLite2DBExists() bool {
if !fileExists(path.Join(geoIPPath, geoLiteASNDB+dbExtension)) {
return false
}
if !fileExists(path.Join(geoIPPath, geoLiteCityDB+dbExtension)) {
return false
for _, dbName := range strings.Split(MaxmindEditionIDs, ",") {
if !fileExists(path.Join(geoIPPath, dbName+dbExtension)) {
return false
}
}
return true
@ -58,16 +58,13 @@ func GeoLite2DBExists() bool {
// DownloadGeoLite2DB downloads the required databases by the
// GeoIP2 NGINX module using a license key from MaxMind.
func DownloadGeoLite2DB() error {
err := downloadDatabase(geoLiteCityDB)
if err != nil {
return err
for _, dbName := range strings.Split(MaxmindEditionIDs, ",") {
err := downloadDatabase(dbName)
if err != nil {
return err
}
MaxmindEditionFiles = append(MaxmindEditionFiles, dbName+dbExtension)
}
err = downloadDatabase(geoLiteASNDB)
if err != nil {
return err
}
return nil
}
@ -133,6 +130,29 @@ func downloadDatabase(dbName string) error {
fmt.Sprintf(maxmindURL, "XXXXXXX", dbName), mmdbFile)
}
// ValidateGeoLite2DBEditions check provided Maxmind database editions names
func ValidateGeoLite2DBEditions() error {
allowedEditions := map[string]bool{
"GeoIP2-Anonymous-IP": true,
"GeoIP2-Country": true,
"GeoIP2-City": true,
"GeoIP2-Connection-Type": true,
"GeoIP2-Domain": true,
"GeoIP2-ISP": true,
"GeoIP2-ASN": true,
"GeoLite2-ASN": true,
"GeoLite2-Country": true,
"GeoLite2-City": true,
}
for _, edition := range strings.Split(MaxmindEditionIDs, ",") {
if !allowedEditions[edition] {
return fmt.Errorf("unknown Maxmind GeoIP2 edition name: '%s'", edition)
}
}
return nil
}
func fileExists(filePath string) bool {
info, err := os.Stat(filePath)
if os.IsNotExist(err) {