Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge current v2.4 into v2.5 #8333

Merged
merged 4 commits into from Aug 5, 2021
Merged

Merge current v2.4 into v2.5 #8333

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
547c380
fix: change machine type for release
mmatur Aug 5, 2021
32d88a9
Avoid unauthorized midlleware cross namespace reference
jbdoumenjou Aug 5, 2021
ef9b79f
Remove unwanted trailing slash in key
jbdoumenjou Aug 5, 2021
187ec26
Merge current v2.4 into v2.5
jbdoumenjou Aug 5, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 4 additions & 0 deletions .semaphore/semaphore.yml
View file
Open in desktop
Expand Up @@ -73,6 +73,10 @@ blocks:
run:
when: "tag =~ '.*'"
task:
agent:
machine:
type: e1-standard-8
os_image: ubuntu1804
secrets:
- name: traefik
env_vars:
Expand Down
2 changes: 1 addition & 1 deletion pkg/config/kv/kv_node.go
View file
Open in desktop
Expand Up @@ -24,7 +24,7 @@ func DecodeToNode(pairs []*store.KVPair, rootName string, filters ...string) (*p
return nil, fmt.Errorf("invalid label root %s", rootName)
}

split := strings.Split(pair.Key[len(rootName)+1:], "/")
split := strings.FieldsFunc(pair.Key[len(rootName)+1:], func(c rune) bool { return c == '/' })

parts := []string{rootName}
for _, fragment := range split {
Expand Down
5 changes: 5 additions & 0 deletions pkg/config/kv/kv_test.go
View file
Open in desktop
Expand Up @@ -28,6 +28,7 @@ func TestDecode(t *testing.T) {
"traefik/fieldf/Test2": "B",
"traefik/fieldg/0/name": "A",
"traefik/fieldg/1/name": "B",
"traefik/fieldh/": "foo",
},
expected: &sample{
FieldA: "bar",
Expand All @@ -45,6 +46,7 @@ func TestDecode(t *testing.T) {
{Name: "A"},
{Name: "B"},
},
FieldH: "foo",
},
},
{
Expand All @@ -61,6 +63,7 @@ func TestDecode(t *testing.T) {
"foo/bar/traefik/fieldf/Test2": "B",
"foo/bar/traefik/fieldg/0/name": "A",
"foo/bar/traefik/fieldg/1/name": "B",
"foo/bar/traefik/fieldh/": "foo",
},
expected: &sample{
FieldA: "bar",
Expand All @@ -78,6 +81,7 @@ func TestDecode(t *testing.T) {
{Name: "A"},
{Name: "B"},
},
FieldH: "foo",
},
},
}
Expand Down Expand Up @@ -107,6 +111,7 @@ type sample struct {
} `label:"allowEmpty"`
FieldF map[string]string
FieldG []sub
FieldH string
}

type sub struct {
Expand Down
9 changes: 9 additions & 0 deletions pkg/provider/kubernetes/crd/fixtures/with_middleware_cross_namespace.yml
View file
Open in desktop
Expand Up @@ -28,6 +28,15 @@ spec:
port: 80
middlewares:
- name: test-errorpage
- match: Host(`foo.com`) && PathPrefix(`/bur`)
kind: Rule
priority: 12
services:
- name: whoami
namespace: default
port: 80
middlewares:
- name: cross-ns-stripprefix@kubernetescrd

---
apiVersion: traefik.containo.us/v1alpha1
Expand Down
16 changes: 13 additions & 3 deletions pkg/provider/kubernetes/crd/kubernetes_http.go
View file
Open in desktop
Expand Up @@ -147,13 +147,23 @@ func (p *Provider) makeMiddlewareKeys(ctx context.Context, ingRouteNamespace str
var mds []string

for _, mi := range middlewares {
if strings.Contains(mi.Name, providerNamespaceSeparator) {
name := mi.Name

if !p.AllowCrossNamespace && strings.HasSuffix(mi.Name, providerNamespaceSeparator+providerName) {
// Since we are not able to know if another namespace is in the name (namespace-name@kubernetescrd),
// if the provider namespace kubernetescrd is used,
// we don't allow this format to avoid cross namespace references.
return nil, fmt.Errorf("invalid reference to middleware %s: with crossnamespace disallowed, the namespace field needs to be explicitly specified", mi.Name)
}

if strings.Contains(name, providerNamespaceSeparator) {
if len(mi.Namespace) > 0 {
log.FromContext(ctx).
WithField(log.MiddlewareName, mi.Name).
Warnf("namespace %q is ignored in cross-provider context", mi.Namespace)
}
mds = append(mds, mi.Name)

mds = append(mds, name)
continue
}

Expand All @@ -166,7 +176,7 @@ func (p *Provider) makeMiddlewareKeys(ctx context.Context, ingRouteNamespace str
ns = mi.Namespace
}

mds = append(mds, makeID(ns, mi.Name))
mds = append(mds, makeID(ns, name))
}

return mds, nil
Expand Down
20 changes: 20 additions & 0 deletions pkg/provider/kubernetes/crd/kubernetes_test.go
View file
Open in desktop
Expand Up @@ -4313,6 +4313,13 @@ func TestCrossNamespace(t *testing.T) {
Priority: 12,
Middlewares: []string{"default-test-errorpage"},
},
"default-test-crossnamespace-route-a1963878aac7331b7950": {
EntryPoints: []string{"foo"},
Service: "default-test-crossnamespace-route-a1963878aac7331b7950",
Rule: "Host(`foo.com`) && PathPrefix(`/bur`)",
Priority: 12,
Middlewares: []string{"cross-ns-stripprefix@kubernetescrd"},
},
},
Middlewares: map[string]*dynamic.Middleware{
"cross-ns-stripprefix": {
Expand Down Expand Up @@ -4369,6 +4376,19 @@ func TestCrossNamespace(t *testing.T) {
PassHostHeader: Bool(true),
},
},
"default-test-crossnamespace-route-a1963878aac7331b7950": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://10.10.0.1:80",
},
{
URL: "http://10.10.0.2:80",
},
},
PassHostHeader: Bool(true),
},
},
},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
Expand Down