Skip to content

feat: Add route_services_internal_server_port property. #382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 26, 2024
Merged

feat: Add route_services_internal_server_port property. #382

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions jobs/gorouter/spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -243,6 +243,9 @@ properties:
router.route_services_internal_lookup_allowlist:
description: "a list of host names for route services that should be resolved internally. Each entry can be a fully qualified domain name or DNS wildcard (i.e. wildcard on 1 segment of a subdomain). If the list is empty, it is not in effect and internal lookup will be attempted for all host names, which can lead to CVE-2019-3789. Please turn on internal lookup only with an allowlist."
default: []
router.route_services_internal_server_port:
description: "Gorouter will use this port for internal route services."
default: 7070
router.route_services_secret_decrypt_only:
description: "To rotate keys, add your new key here and deploy. Then swap this key with the value of route_services_secret and deploy again."
default: ""
Expand Down
1 change: 1 addition & 0 deletions jobs/gorouter/templates/pre-start.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ tee_output_to_sys_log "${LOG_DIR}" "pre-start" <%= p("router.logging.format.time
ports.append(p("router.status.port")) # has default. will always exist.
ports.append(p("router.status.routes.port")) # has default. will always exist.
ports.append(p("router.tls_port")) # has default. will always exist.
ports.append(p("router.route_services_internal_server_port")) # has default. will always exist.

if_p('router.status.tls.port') do |port|
ports.append(port)
Expand Down
16 changes: 12 additions & 4 deletions spec/gorouter_templates_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1509,7 +1509,7 @@
{ 'router' => {
'port' => 81,
'status' => { 'port' => 8081, 'tls' => {'port' => 8443}, },
'prometheus' => { 'port' => 7070 },
'prometheus' => { 'port' => 7777 },
'tls_port' => 442,
'debug_address' => '127.0.0.1:17003'
} }
Expand All @@ -1518,15 +1518,15 @@
context 'ip_local_reserved_ports' do
it 'contains reserved ports in order' do
rendered_template = template.render(properties)
ports = '81,442,2822,2825,3457,3458,3459,3460,3461,7070,8081,8082,8443,8853,9100,14726,14727,14821,14822,14823,14824,14829,14830,14922,15821,17003,53035,53080'
ports = '81,442,2822,2825,3457,3458,3459,3460,3461,7070,7777,8081,8082,8443,8853,9100,14726,14727,14821,14822,14823,14824,14829,14830,14922,15821,17003,53035,53080'
expect(rendered_template).to include("\"#{ports}\" > /proc/sys/net/ipv4/ip_local_reserved_ports")
end

context 'when prometheus port is not set' do
it 'skips that port' do
properties['router'].delete('prometheus')
rendered_template = template.render(properties)
ports = '81,442,2822,2825,3457,3458,3459,3460,3461,8081,8082,8443,8853,9100,14726,14727,14821,14822,14823,14824,14829,14830,14922,15821,17003,53035,53080'
ports = '81,442,2822,2825,3457,3458,3459,3460,3461,7070,8081,8082,8443,8853,9100,14726,14727,14821,14822,14823,14824,14829,14830,14922,15821,17003,53035,53080'
expect(rendered_template).to include("\"#{ports}\" > /proc/sys/net/ipv4/ip_local_reserved_ports")
end
end
Expand All @@ -1535,7 +1535,15 @@
it 'skips that port' do
properties['router']['debug_address'] = 'meow'
rendered_template = template.render(properties)
ports = '81,442,2822,2825,3457,3458,3459,3460,3461,7070,8081,8082,8443,8853,9100,14726,14727,14821,14822,14823,14824,14829,14830,14922,15821,53035,53080'
ports = '81,442,2822,2825,3457,3458,3459,3460,3461,7070,7777,8081,8082,8443,8853,9100,14726,14727,14821,14822,14823,14824,14829,14830,14922,15821,53035,53080'
expect(rendered_template).to include("\"#{ports}\" > /proc/sys/net/ipv4/ip_local_reserved_ports")
end
end
context 'when route_services_internal_server_port is set to a non-default value' do
it 'uses that port' do
properties['router']['route_services_internal_server_port'] = 7272
rendered_template = template.render(properties)
ports = '81,442,2822,2825,3457,3458,3459,3460,3461,7272,7777,8081,8082,8443,8853,9100,14726,14727,14821,14822,14823,14824,14829,14830,14922,15821,17003,53035,53080'
expect(rendered_template).to include("\"#{ports}\" > /proc/sys/net/ipv4/ip_local_reserved_ports")
end
end
Expand Down
2 changes: 1 addition & 1 deletion src/code.cloudfoundry.org/gorouter
Open in desktop
Submodule gorouter updated 11 files
+15 −13 config/config.go
+19 −0 config/config_test.go
+1 −1 integration/common_integration_test.go
+2 −2 integration/init_test.go
+28 −27 integration/main_test.go
+11 −10 integration/nats_test.go
+8 −8 integration/test_utils_test.go
+1 −1 main.go
+3 −2 router/route_service_server.go
+5 −1 router/route_service_server_test.go
+8 −7 test_util/helpers.go