Commit c673a9a8 authored by Nils Goroll's avatar Nils Goroll

update to Varnish-Cache master/5.2 and use of the in-tree blob vmod

parent dcdcefcb
Pipeline #281 skipped
......@@ -30,7 +30,7 @@ off optimizations and function inlining, so that a debugger will step
through the code as expected.
To run the VTC test cases in ``src/test`` (as when ``make check`` is
invoked), you must have the VMOD ``blobcode`` installed.
invoked), you must have the VMOD ``blob`` installed.
* source repository: https://code.uplex.de/uplex-varnish/libvmod-hoailona
* VMOD blobcode: https://code.uplex.de/uplex-varnish/libvmod-blobcode
* VMOD blob: https://code.uplex.de/uplex-varnish/libvmod-blob
......@@ -11,8 +11,8 @@ resources. This sequence will install the VMOD::
> make check # to run unit tests in src/tests/*.vtc
> sudo make install
``make check`` requires that the VMOD ``blobcode`` is installed
(https://code.uplex.de/uplex-varnish/libvmod-blobcode).
``make check`` requires that the VMOD ``blob`` is installed
(https://code.uplex.de/uplex-varnish/libvmod-blob).
If you have installed Varnish in a non-standard directory, call
``autogen.sh`` and ``configure`` with the ``PKG_CONFIG_PATH``
......
......@@ -87,14 +87,14 @@ OPEN or DENY), a TTL for the TOKEN type, and possibly a shared secret
used for authorization. For example::
import hoailona;
import blobcode;
import blob;
sub vcl_init {
# Define a policy for token authorization lasting one hour,
# and associate it with a shared secret.
new token_policy
= hoailona.policy(TOKEN, 1h,
blobcode.decode(encoded="secret"));
blob.decode(encoded="secret"));
# Define a policy for open access (authorization not required)
new open_policy = hoailona.policy(OPEN);
......@@ -173,7 +173,7 @@ the shared secret associated with the policy, to generate the
HMAC for the token::
import blobdigest;
import blobcode;
import blob;
sub vcl_recv {
# .policy() returns 2 for policy type TOKEN
......@@ -183,14 +183,14 @@ HMAC for the token::
# header
set req.http.Tmp-Token = config.token();
# Use VMOD blobdigest to generate the HMAC, and VMOD blobcode
# Use VMOD blobdigest to generate the HMAC, and VMOD blob
# to encode the result in lower case hex.
# The shared secret serves as the HMAC key, and the token just
# assigned to the temp header is the message to be hashed.
set req.http.Tmp-HMAC
= blobcode.encode(HEXLC,
= blob.encode(HEX, LOWER,
blobdigest.hmacf(SHA256, config.secret(),
blobcode.decode(IDENTITY,
blob.decode(encoded=
req.http.Tmp-Token)));
# These two temp headers can now be combined to form the full
......@@ -256,7 +256,7 @@ correspond with ``ttl``.
The optional ``secret`` parameter may contain a shared secret for
authorization, which serves as the key for an HMAC. The data type for
``secret`` is BLOB, which cannot be expressed in native VCL, but can
be generated by a VMOD (such as VMOD ``blobcode``). By default, no
be generated by a VMOD (such as VMOD ``blob``). By default, no
shared secret is stored for the policy.
The optional ``description`` parameter may contain any string; if
......@@ -287,9 +287,9 @@ Examples::
# (Note that in Varnish 5.0.0, the negative integer for start_offset
# must be written as 0-10, because negative literals are not parsed
# correctly.)
import blobcode;
import blob;
new token = hoailona.policy(type=TOKEN, ttl=2h, start_offset=0-10,
secret=blobcode.decode(HEX,
secret=blob.decode(decoding=HEX, encoded=
"717569636B2062726F776E20666F7879"));
# A policy for "access denied"
......@@ -598,7 +598,7 @@ the ``VCL_Error`` tag, and the method returns NULL.
Examples::
import blobdigest;
import blobcode;
import blob;
sub vcl_recv {
if (config.policy(req.http.Host, req.url) == 2) {
......@@ -608,9 +608,9 @@ Examples::
# Use VMOD blobdigest to generate the HMAC, where
# the shared secret serves as the HMAC key.
set req.http.Tmp-HMAC
= blobcode.encode(HEXLC,
= blob.encode(HEX, LOWER,
blobdigest.hmacf(SHA256, config.secret(),
blobcode.decode(IDENTITY,
blob.decode(encoded=
req.http.Tmp-Token)));
# Concatenate elements of the authorization token
......@@ -680,7 +680,7 @@ Example::
REQUIREMENTS
============
This VMOD requires Varnish since version 5.1.0.
This VMOD requires Varnish since version 5.2
LIMITATIONS
===========
......@@ -723,7 +723,6 @@ SEE ALSO
* varnishd(1)
* vcl(7)
* source repository: https://code.uplex.de/uplex-varnish/libvmod-hoailona
* VMOD blobcode: https://code.uplex.de/uplex-varnish/libvmod-blobcode
* VMOD blobdigest: https://code.uplex.de/uplex-varnish/libvmod-blobdigest
Akamai documentation
......
......@@ -2,12 +2,11 @@
varnishtest "policy object constructor"
# VMOD blobcode must be installed
# Doesn't test much, just make sure nothing crashes
varnish v1 -vcl {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blobcode;
import blob;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
......@@ -17,9 +16,9 @@ varnish v1 -vcl {
new p4 = hoailona.policy(TOKEN, 1h, description="policy p4");
new p5 = hoailona.policy(OPEN, start_offset= 0-10);
new p6 = hoailona.policy(DENY,
secret=blobcode.decode(encoded="foo"));
secret=blob.decode(encoded="foo"));
new p7 = hoailona.policy(TOKEN, 1h, "p7",
blobcode.decode(encoded="bar"), 0-30);
blob.decode(encoded="bar"), 0-30);
}
} -start
......
......@@ -2,16 +2,15 @@
varnishtest "hosts.secret()"
# VMOD blobcode must be installed
varnish v1 -vcl {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blobcode;
import blob;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new p = hoailona.policy(TOKEN, 2h,
secret=blobcode.decode(encoded="foo"));
secret=blob.decode(encoded="foo"));
new h = hoailona.hosts();
h.add("example.com", "p");
}
......@@ -22,7 +21,7 @@ varnish v1 -vcl {
sub vcl_synth {
set resp.http.p1 = h.policy("example.com", "/foo/bar");
set resp.http.s1 = blobcode.encode(blob=h.secret());
set resp.http.s1 = blob.encode(blob=h.secret());
}
} -start
......@@ -37,13 +36,13 @@ client c1 {
# Usage
varnish v1 -errvcl {h.secret() may not be called in vcl_init} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blobcode;
import blob;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new p = hoailona.policy(OPEN);
new h = hoailona.hosts();
if (blobcode.encode(blob=h.secret()) == "foo") {
if (blob.encode(blob=h.secret()) == "foo") {
return(fail);
}
}
......@@ -51,7 +50,7 @@ varnish v1 -errvcl {h.secret() may not be called in vcl_init} {
varnish v1 -vcl {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blobcode;
import blob;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
......@@ -63,7 +62,7 @@ varnish v1 -vcl {
}
sub vcl_synth {
set resp.http.s1 = blobcode.encode(blob=h.secret());
set resp.http.s1 = blob.encode(blob=h.secret());
}
}
......
......@@ -70,14 +70,14 @@ OPEN or DENY), a TTL for the TOKEN type, and possibly a shared secret
used for authorization. For example::
import hoailona;
import blobcode;
import blob;
sub vcl_init {
# Define a policy for token authorization lasting one hour,
# and associate it with a shared secret.
new token_policy
= hoailona.policy(TOKEN, 1h,
blobcode.decode(encoded="secret"));
blob.decode(encoded="secret"));
# Define a policy for open access (authorization not required)
new open_policy = hoailona.policy(OPEN);
......@@ -156,7 +156,7 @@ the shared secret associated with the policy, to generate the
HMAC for the token::
import blobdigest;
import blobcode;
import blob;
sub vcl_recv {
# .policy() returns 2 for policy type TOKEN
......@@ -166,14 +166,14 @@ HMAC for the token::
# header
set req.http.Tmp-Token = config.token();
# Use VMOD blobdigest to generate the HMAC, and VMOD blobcode
# Use VMOD blobdigest to generate the HMAC, and VMOD blob
# to encode the result in lower case hex.
# The shared secret serves as the HMAC key, and the token just
# assigned to the temp header is the message to be hashed.
set req.http.Tmp-HMAC
= blobcode.encode(HEXLC,
= blob.encode(HEX, LOWER,
blobdigest.hmacf(SHA256, config.secret(),
blobcode.decode(IDENTITY,
blob.decode(encoded=
req.http.Tmp-Token)));
# These two temp headers can now be combined to form the full
......@@ -226,7 +226,7 @@ correspond with ``ttl``.
The optional ``secret`` parameter may contain a shared secret for
authorization, which serves as the key for an HMAC. The data type for
``secret`` is BLOB, which cannot be expressed in native VCL, but can
be generated by a VMOD (such as VMOD ``blobcode``). By default, no
be generated by a VMOD (such as VMOD ``blob``). By default, no
shared secret is stored for the policy.
The optional ``description`` parameter may contain any string; if
......@@ -257,9 +257,9 @@ Examples::
# (Note that in Varnish 5.0.0, the negative integer for start_offset
# must be written as 0-10, because negative literals are not parsed
# correctly.)
import blobcode;
import blob;
new token = hoailona.policy(type=TOKEN, ttl=2h, start_offset=0-10,
secret=blobcode.decode(HEX,
secret=blob.decode(decoding=HEX, encoded=
"717569636B2062726F776E20666F7879"));
# A policy for "access denied"
......@@ -534,7 +534,7 @@ the ``VCL_Error`` tag, and the method returns NULL.
Examples::
import blobdigest;
import blobcode;
import blob;
sub vcl_recv {
if (config.policy(req.http.Host, req.url) == 2) {
......@@ -544,9 +544,9 @@ Examples::
# Use VMOD blobdigest to generate the HMAC, where
# the shared secret serves as the HMAC key.
set req.http.Tmp-HMAC
= blobcode.encode(HEXLC,
= blob.encode(HEX, LOWER,
blobdigest.hmacf(SHA256, config.secret(),
blobcode.decode(IDENTITY,
blob.decode(encoded=
req.http.Tmp-Token)));
# Concatenate elements of the authorization token
......@@ -602,7 +602,7 @@ Example::
REQUIREMENTS
============
This VMOD requires Varnish since version 5.1.0.
This VMOD requires Varnish since version 5.2
LIMITATIONS
===========
......@@ -645,7 +645,6 @@ SEE ALSO
* varnishd(1)
* vcl(7)
* source repository: https://code.uplex.de/uplex-varnish/libvmod-hoailona
* VMOD blobcode: https://code.uplex.de/uplex-varnish/libvmod-blobcode
* VMOD blobdigest: https://code.uplex.de/uplex-varnish/libvmod-blobdigest
Akamai documentation
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment