Implement TemplateConfig sync for all template types.

pkg/controller/templateconfig.go

@@ -47,6 +47,18 @@ func (worker *NamespaceWorker) syncTcfg(key string) update.Status {
 		tcfg.Name, tcfg)
 
 	updates := make([]string, 0, ntmpls)
+	if tcfg.Spec.Ingress != "" {
+		if err = vcl.SetIngressTmpl(tcfg.Spec.Ingress); err != nil {
+			return update.MakeFatal(
+				"TemplateConfig %s/%s: Cannot parse ingress "+
+					"template: %v", tcfg.Namespace,
+				tcfg.Name, err)
+		}
+		worker.log.Infof(
+			"TemplateConfig %s/%s: updated ingress template",
+			tcfg.Namespace, tcfg.Name)
+		updates = append(updates, "ingress")
+	}
 	if tcfg.Spec.ACL != "" {
 		if err = vcl.SetACLTmpl(tcfg.Spec.ACL); err != nil {
 			return update.MakeFatal(
@@ -58,6 +70,53 @@ func (worker *NamespaceWorker) syncTcfg(key string) update.Status {
 			tcfg.Namespace, tcfg.Name)
 		updates = append(updates, "acl")
 	}
+	if tcfg.Spec.Auth != "" {
+		if err = vcl.SetAuthTmpl(tcfg.Spec.Auth); err != nil {
+			return update.MakeFatal(
+				"TemplateConfig %s/%s: Cannot parse auth "+
+					"template: %v", tcfg.Namespace,
+				tcfg.Name, err)
+		}
+		worker.log.Infof("TemplateConfig %s/%s: updated auth template",
+			tcfg.Namespace, tcfg.Name)
+		updates = append(updates, "auth")
+	}
+	if tcfg.Spec.ReqDisp != "" {
+		if err = vcl.SetReqDispTmpl(tcfg.Spec.ReqDisp); err != nil {
+			return update.MakeFatal(
+				"TemplateConfig %s/%s: Cannot parse reqDisp "+
+					"template: %v", tcfg.Namespace,
+				tcfg.Name, err)
+		}
+		worker.log.Infof(
+			"TemplateConfig %s/%s: updated reqDisp template",
+			tcfg.Namespace, tcfg.Name)
+		updates = append(updates, "reqDisp")
+	}
+	if tcfg.Spec.Rewrite != "" {
+		if err = vcl.SetRewriteTmpl(tcfg.Spec.Rewrite); err != nil {
+			return update.MakeFatal(
+				"TemplateConfig %s/%s: Cannot parse rewrite "+
+					"template: %v", tcfg.Namespace,
+				tcfg.Name, err)
+		}
+		worker.log.Infof(
+			"TemplateConfig %s/%s: updated rewrite template",
+			tcfg.Namespace, tcfg.Name)
+		updates = append(updates, "rewrite")
+	}
+	if tcfg.Spec.Shard != "" {
+		if err = vcl.SetShardTmpl(tcfg.Spec.Shard); err != nil {
+			return update.MakeFatal(
+				"TemplateConfig %s/%s: Cannot parse shard "+
+					"template: %v", tcfg.Namespace,
+				tcfg.Name, err)
+		}
+		worker.log.Infof(
+			"TemplateConfig %s/%s: updated shard template",
+			tcfg.Namespace, tcfg.Name)
+		updates = append(updates, "shard")
+	}
 
 	return update.MakeSuccess(
 		"TemplateConfig %s/%s: updated templates: %v", tcfg.Namespace,
@@ -76,7 +135,12 @@ func (worker *NamespaceWorker) deleteTcfg(obj interface{}) update.Status {
 	tcfg, ok := obj.(*vcr_v1alpha1.TemplateConfig)
 	if !ok || tcfg == nil {
 		worker.log.Warnf("Delete TemplateConfig: not found: %v", obj)
+		vcl.ResetIngressTmpl()
 		vcl.ResetACLTmpl()
+		vcl.ResetAuthTmpl()
+		vcl.ResetReqDispTmpl()
+		vcl.ResetRewriteTmpl()
+		vcl.ResetShardTmpl()
 		return update.MakeSuccess("TemplateConfig: all templates reset")
 	}
 
@@ -84,12 +148,42 @@ func (worker *NamespaceWorker) deleteTcfg(obj interface{}) update.Status {
 		tcfg.Name)
 	resets := make([]string, 0, ntmpls)
 
+	if tcfg.Spec.Ingress != "" {
+		vcl.ResetIngressTmpl()
+		worker.log.Infof("TemplateConfig %s/%s: reset ingress template",
+			tcfg.Namespace, tcfg.Name)
+		resets = append(resets, "ingress")
+	}
 	if tcfg.Spec.ACL != "" {
 		vcl.ResetACLTmpl()
 		worker.log.Infof("TemplateConfig %s/%s: reset ACL template",
 			tcfg.Namespace, tcfg.Name)
 		resets = append(resets, "acl")
 	}
+	if tcfg.Spec.Auth != "" {
+		vcl.ResetAuthTmpl()
+		worker.log.Infof("TemplateConfig %s/%s: reset auth template",
+			tcfg.Namespace, tcfg.Name)
+		resets = append(resets, "auth")
+	}
+	if tcfg.Spec.ReqDisp != "" {
+		vcl.ResetReqDispTmpl()
+		worker.log.Infof("TemplateConfig %s/%s: reset reqDisp template",
+			tcfg.Namespace, tcfg.Name)
+		resets = append(resets, "reqDisp")
+	}
+	if tcfg.Spec.Rewrite != "" {
+		vcl.ResetRewriteTmpl()
+		worker.log.Infof("TemplateConfig %s/%s: reset rewrite template",
+			tcfg.Namespace, tcfg.Name)
+		resets = append(resets, "rewrite")
+	}
+	if tcfg.Spec.Shard != "" {
+		vcl.ResetShardTmpl()
+		worker.log.Infof("TemplateConfig %s/%s: reset shard template",
+			tcfg.Namespace, tcfg.Name)
+		resets = append(resets, "shard")
+	}
 
 	return update.MakeSuccess(
 		"TemplateConfig %s/%s: reset templates: %v", tcfg.Namespace,

pkg/varnish/vcl/auth_tmpl.go

@@ -91,3 +91,27 @@ var authFuncs = template.FuncMap{
 
 var authTmpl = template.Must(template.New(authTmplName).Funcs(authFuncs).
 	Parse(authTmplSrc))
+
+// ResetAuthTmpl sets the VCL template for the VarnishConfig auth
+// feature to its current "official" value. Invoked on TemplateConfig
+// deletion, only needed when devmode is activated for the controller.
+func ResetAuthTmpl() {
+	authTmpl = template.Must(template.New(authTmplName).Funcs(authFuncs).
+		Parse(authTmplSrc))
+}
+
+// SetAuthTmpl parses src as a text/template, using the FuncMap
+// defined for the auth template, which is used to generate VCL for
+// the VarnishConfig auth feature. On success, the auth template is
+// replaced. If the parse fails, then the error is returned and the
+// auth template is unchanged.
+//
+// Only used when devmode is activated for the controller.
+func SetAuthTmpl(src string) error {
+	newTmpl, err := template.New(authTmplName).Funcs(authFuncs).Parse(src)
+	if err != nil {
+		return err
+	}
+	authTmpl = newTmpl
+	return nil
+}

pkg/varnish/vcl/recv_disposition_tmpl.go

@@ -126,3 +126,29 @@ var reqDispFuncs = template.FuncMap{
 
 var reqDispTmpl = template.Must(template.New(reqDispTmplName).
 	Funcs(reqDispFuncs).Parse(reqDispTmplSrc))
+
+// ResetReqDispTmpl sets the VCL template for the VarnishConfig
+// reqDisp feature to its current "official" value. Invoked on
+// TemplateConfig deletion, only needed when devmode is activated for
+// the controller.
+func ResetReqDispTmpl() {
+	reqDispTmpl = template.Must(template.New(reqDispTmplName).
+		Funcs(reqDispFuncs).Parse(reqDispTmplSrc))
+}
+
+// SetReqDispTmpl parses src as a text/template, using the FuncMap
+// defined for the reqDisp template, which is used to generate VCL for
+// the VarnishConfig reqDisp feature. On success, the reqDisp template
+// is replaced. If the parse fails, then the error is returned and the
+// reqDisp template is unchanged.
+//
+// Only used when devmode is activated for the controller.
+func SetReqDispTmpl(src string) error {
+	newTmpl, err := template.New(reqDispTmplName).Funcs(reqDispFuncs).
+		Parse(src)
+	if err != nil {
+		return err
+	}
+	reqDispTmpl = newTmpl
+	return nil
+}

pkg/varnish/vcl/rewrite_tmpl.go

@@ -272,3 +272,29 @@ var rewriteFuncs = template.FuncMap{
 
 var rewriteTmpl = template.Must(template.New(rewriteTmplName).
 	Funcs(rewriteFuncs).Parse(rewriteTmplSrc))
+
+// ResetRewriteTmpl sets the VCL template for the VarnishConfig
+// rewrite feature to its current "official" value. Invoked on
+// TemplateConfig deletion, only needed when devmode is activated for
+// the controller.
+func ResetRewriteTmpl() {
+	rewriteTmpl = template.Must(template.New(rewriteTmplName).
+		Funcs(rewriteFuncs).Parse(rewriteTmplSrc))
+}
+
+// SetRewriteTmpl parses src as a text/template, using the FuncMap
+// defined for the rewrite template, which is used to generate VCL for
+// the VarnishConfig rewrite feature. On success, the rewrite template
+// is replaced. If the parse fails, then the error is returned and the
+// rewrite template is unchanged.
+//
+// Only used when devmode is activated for the controller.
+func SetRewriteTmpl(src string) error {
+	newTmpl, err := template.New(rewriteTmplName).Funcs(rewriteFuncs).
+		Parse(src)
+	if err != nil {
+		return err
+	}
+	rewriteTmpl = newTmpl
+	return nil
+}

pkg/varnish/vcl/self_shard_tmpl.go

@@ -241,3 +241,29 @@ var shardFuncMap = template.FuncMap{
 
 var shardTmpl = template.Must(template.New(selfShardName).Funcs(shardFuncMap).
 	Parse(selfShardTmplSrc))
+
+// ResetShardTmpl sets the VCL template for the VarnishConfig
+// shard feature to its current "official" value. Invoked on
+// TemplateConfig deletion, only needed when devmode is activated for
+// the controller.
+func ResetShardTmpl() {
+	shardTmpl = template.Must(template.New(selfShardName).
+		Funcs(shardFuncMap).Parse(selfShardTmplSrc))
+}
+
+// SetShardTmpl parses src as a text/template, using the FuncMap
+// defined for the shard template, which is used to generate VCL for
+// the VarnishConfig shard feature. On success, the shard template
+// is replaced. If the parse fails, then the error is returned and the
+// shard template is unchanged.
+//
+// Only used when devmode is activated for the controller.
+func SetShardTmpl(src string) error {
+	newTmpl, err := template.New(selfShardName).Funcs(shardFuncMap).
+		Parse(src)
+	if err != nil {
+		return err
+	}
+	shardTmpl = newTmpl
+	return nil
+}

pkg/varnish/vcl/vcl_tmpl.go

@@ -284,3 +284,30 @@ var vclFuncs = template.FuncMap{
 
 var ingressTmpl = template.Must(template.New(ingTmplName).
 	Funcs(vclFuncs).Parse(ingTmplSrc))
+
+// ResetIngressTmpl sets the VCL template for Ingress implementation
+// (routing rules and bakend configuration) to its current "official"
+// value. Invoked on TemplateConfig deletion, only needed when devmode
+// is activated for the controller.
+func ResetIngressTmpl() {
+	ingressTmpl = template.Must(template.New(ingTmplName).Funcs(vclFuncs).
+		Parse(ingTmplSrc))
+}
+
+// SetIngressTmpl parses src as a text/template, using the FuncMap
+// defined for the ingress template, which is used to generate VCL for
+// Ingress implementaion -- routing rules and backend configuration,
+// including configuration set for the BackendConfig custom
+// resource. On success, the ingress template is replaced. If the
+// parse fails, then the error is returned and the shard template is
+// unchanged.
+//
+// Only used when devmode is activated for the controller.
+func SetIngressTmpl(src string) error {
+	newTmpl, err := template.New(ingTmplName).Funcs(vclFuncs).Parse(src)
+	if err != nil {
+		return err
+	}
+	ingressTmpl = newTmpl
+	return nil
+}

test/e2e/tmplcfg/Makefile

@@ -104,7 +104,8 @@ deploy-kubectl:
 	@kubectl apply -f varnish.yaml
 	@kubectl apply -f controller.yaml
 	@kubectl apply -f tmplcfg.yaml
-	@kubectl apply -f acl.yaml
+	@kubectl apply -f auth-secrets.yaml
+	@kubectl apply -f vcfg.yaml
 	@kubectl apply -f cafe.yaml
 	@kubectl apply -f cafe-ingress.yaml
 
@@ -129,7 +130,8 @@ undeploy-helm:
 undeploy-kubectl:
 	@kubectl delete -f cafe-ingress.yaml
 	@kubectl delete -f cafe.yaml
-	@kubectl delete -f acl.yaml
+	@kubectl delete -f vcfg.yaml
+	@kubectl delete -f auth-secrets.yaml
 	@kubectl delete -f tmplcfg.yaml
 	@kubectl delete -f controller.yaml
 	@kubectl delete -f varnish.yaml

test/e2e/tmplcfg/acl.yaml

-apiVersion: "ingress.varnish-cache.org/v1alpha1"
-kind: VarnishConfig
-metadata:
-  namespace: dev
-  name: acl-example-cfg
-spec:
-  services:
-    - varnish-ingress-admin
-
-  acl:
-    - name: local-private-ip4
-      addrs:
-      - addr: 127.0.0.0
-        mask-bits: 8
-      - addr: 10.0.0.0
-        mask-bits: 24
-      - addr: 172.16.0.0
-        mask-bits: 12
-      - addr: 192.168.0.0
-        mask-bits: 16
-      result-header:
-        header: req.http.X-ACL-Match
-        success: "matched"
-        failure: "failed"

test/e2e/tmplcfg/auth-secrets.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: dev
+  name: coffee-creds
+  labels:
+    viking.uplex.de/secret: auth
+type: Opaque
+stringData:
+  coffee-admin: superpowers
+  foo: bar
+  baz: quux
+  Aladdin: open sesame

test/e2e/tmplcfg/cafe.vtc

 # looks like -*- vcl -*-
 
-varnishtest "cafe example, ACLs with modified VCL template"
+varnishtest "cafe example with modified VCL templates"
 
 client c1 -connect "${localhost} ${localport}" {
 	txreq -url /tea -hdr "Host: cafe.example.com"
 	rxresp
 	expect resp.status == 200
+	expect resp.http.X-Backend ~ "^vk8s_dev_"
+	expect resp.http.Ingress-Template == "override"
 	expect resp.http.X-ACL-Match == "matched"
-	expect resp.http.Template == "acl"
+	expect resp.http.ACL-Template == "override"
+	expect resp.http.Auth-Template == "override"
+	expect resp.http.ReqDisp-Template == "override"
+	expect resp.http.X-Cache ~ "HIT|MISS"
+	expect resp.http.Rewrite-Template == "override"
+	expect resp.http.Shard-Template == "override"
 
 	txreq -url /coffee/black -hdr "Host: cafe.example.com"
 	rxresp
 	expect resp.status == 200
-	expect resp.http.X-ACL-Match == "matched"
-	expect resp.http.Template == "acl"
+	expect resp.http.X-Auth-Status == 60401
+	expect resp.http.WWW-Authenticate == {Basic realm="coffee", charset="UTF-8"}
 
-	txreq -url /coffee -hdr "Host: cafe.example.com"
+	# credentials foo:bar
+	txreq -url /coffee -hdr "Host: cafe.example.com" \
+            -hdr "Authorization: Basic Zm9vOmJhcg=="
 	rxresp
 	expect resp.status == 200
+	expect resp.http.X-Backend ~ "^vk8s_dev_"
+	expect resp.http.Ingress-Template == "override"
 	expect resp.http.X-ACL-Match == "matched"
-	expect resp.http.Template == "acl"
+	expect resp.http.ACL-Template == "override"
+	expect resp.http.Auth-Template == "override"
+	expect resp.http.ReqDisp-Template == "override"
+	expect resp.http.X-Cache ~ "HIT|MISS"
+	expect resp.http.Rewrite-Template == "override"
+	expect resp.http.Shard-Template == "override"
+
+	txreq -req PURGE -url /tea -hdr "Host: cafe.example.com"
+	rxresp
+	expect resp.status == 200
+	expect resp.reason == "Purged"
 } -run

test/e2e/tmplcfg/vcfg.yaml

+apiVersion: "ingress.varnish-cache.org/v1alpha1"
+kind: VarnishConfig
+metadata:
+  namespace: dev
+  name: acl-example-cfg
+spec:
+  services:
+    - varnish-ingress-admin
+
+  acl:
+    - name: local-private-ip4
+      addrs:
+      - addr: 127.0.0.0
+        mask-bits: 8
+      - addr: 10.0.0.0
+        mask-bits: 24
+      - addr: 172.16.0.0
+        mask-bits: 12
+      - addr: 192.168.0.0
+        mask-bits: 16
+      result-header:
+        header: req.http.X-ACL-Match
+        success: "matched"
+        failure: "failed"
+
+  auth:
+    - realm: coffee
+      secretName: coffee-creds
+      type: basic
+      utf8: true
+      conditions:
+        - comparand: req.http.Host
+          value: cafe.example.com
+          compare: equal
+        - comparand: req.url
+          value: ^/coffee($|/)
+          compare: match
+
+  req-disposition:
+    - conditions:
+      - comparand: req.http.Host
+        compare: not-exists
+      - comparand: req.esi_level
+        count: 0
+      - comparand: req.proto
+        compare: prefix
+        values:
+          - HTTP/1.1
+        match-flags:
+          case-insensitive: true
+      disposition:
+        action: synth
+        status: 400
+    - conditions:
+      - comparand: req.method
+        compare: equal
+        values:
+          - PURGE
+      disposition:
+        action: purge
+    - conditions:
+      - comparand: req.method
+        compare: not-equal
+        values:
+          - GET
+          - HEAD
+          - PUT
+          - POST
+          - TRACE
+          - OPTIONS
+          - DELETE
+          - PATCH
+          - CONNECT
+      disposition:
+        action: synth
+        status: 405
+    - conditions:
+      - comparand: req.method
+        compare: not-equal
+        values:
+          - GET
+          - HEAD
+      disposition:
+        action: pass
+
+  rewrites:
+    - target: req.http.X-Cache
+      vcl-sub: hit
+      rules:
+        - rewrite: HIT
+      method: replace
+    - target: req.http.X-Cache
+      vcl-sub: miss
+      rules:
+        - rewrite: MISS
+      method: replace
+    - target: req.http.X-Cache
+      vcl-sub: pass
+      rules:
+        - rewrite: PASS
+      method: replace
+    - target: resp.http.X-Cache
+      source: req.http.X-Cache
+      method: replace
+
+  self-sharding: {}