Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
k8s-ingress
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
3
Merge Requests
3
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
uplex-varnish
k8s-ingress
Commits
4f28adc2
Commit
4f28adc2
authored
Feb 14, 2019
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
ACL checks generate no failure response when fail-status <= 100.
parent
65ab4547
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
72 additions
and
1 deletion
+72
-1
varnishcfg-crd.yaml
deploy/varnishcfg-crd.yaml
+1
-1
acl.tmpl
pkg/varnish/vcl/acl.tmpl
+2
-0
acl_no_fail.golden
pkg/varnish/vcl/testdata/acl_no_fail.golden
+18
-0
vcl_test.go
pkg/varnish/vcl/vcl_test.go
+51
-0
No files found.
deploy/varnishcfg-crd.yaml
View file @
4f28adc2
...
...
@@ -137,7 +137,7 @@ spec:
type
:
string
fail-status
:
type
:
integer
minimum
:
10
0
minimum
:
0
maximum
:
599
comparand
:
type
:
string
...
...
pkg/varnish/vcl/acl.tmpl
View file @
4f28adc2
...
...
@@ -23,7 +23,9 @@ sub vcl_recv {
{{- if .ResultHdr.Header}}
set {{.ResultHdr.Header}} = "{{.ResultHdr.Failure}}";
{{- end}}
{{- if ge .FailStatus 100}}
return(synth({{.FailStatus}}));
{{- end}}
}
{{- if .ResultHdr.Header}}
else {
...
...
pkg/varnish/vcl/testdata/acl_no_fail.golden
0 → 100644
View file @
4f28adc2
import std;
acl vk8s_acl_no_fail_acl {
"192.0.2.0"/24;
"198.51.100.0"/24;
"203.0.113.0"/24;
}
sub vcl_recv {
if (
client.ip !~ vk8s_acl_no_fail_acl
) {
set req.http.ACL-Whitelist = "fail";
}
else {
set req.http.ACL-Whitelist = "pass";
}
}
pkg/varnish/vcl/vcl_test.go
View file @
4f28adc2
...
...
@@ -535,6 +535,57 @@ func TestAclResultHeader(t *testing.T) {
}
}
var
aclNoFail
=
Spec
{
ACLs
:
[]
ACL
{{
Name
:
"acl_no_fail"
,
Comparand
:
"client.ip"
,
FailStatus
:
0
,
Whitelist
:
true
,
Addresses
:
[]
ACLAddress
{
ACLAddress
{
Addr
:
"192.0.2.0"
,
MaskBits
:
24
,
Negate
:
false
,
},
ACLAddress
{
Addr
:
"198.51.100.0"
,
MaskBits
:
24
,
Negate
:
false
,
},
ACLAddress
{
Addr
:
"203.0.113.0"
,
MaskBits
:
24
,
Negate
:
false
,
},
},
ResultHdr
:
ResultHdrType
{
Header
:
"req.http.ACL-Whitelist"
,
Success
:
"pass"
,
Failure
:
"fail"
,
},
}},
}
func
TestAclNoFail
(
t
*
testing
.
T
)
{
var
buf
bytes
.
Buffer
gold
:=
"acl_no_fail.golden"
if
err
:=
aclTmpl
.
Execute
(
&
buf
,
aclNoFail
);
err
!=
nil
{
t
.
Error
(
"acls template Execute():"
,
err
)
return
}
ok
,
err
:=
cmpGold
(
buf
.
Bytes
(),
gold
)
if
err
!=
nil
{
t
.
Fatalf
(
"Reading %s: %v"
,
gold
,
err
)
}
if
!
ok
{
t
.
Errorf
(
"Generated VCL does not match gold file: %s"
,
gold
)
if
testing
.
Verbose
()
{
t
.
Logf
(
"Generated: %s"
,
buf
.
String
())
}
}
}
var
customVCLSpec
=
Spec
{
DefaultService
:
Service
{},
Rules
:
[]
Rule
{{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment