deny_traffic field in frontends
It replaces the optional cluster_id, where None meant DENY.
Keksoj committed Oct 16, 2023
1 parent 35415c1 commit 932aa98
Showing 15 changed files with 103 additions and 105 deletions.
1 change: 1 addition & 0 deletions bin/config.toml
Expand Up @@ -260,6 +260,7 @@ load_balancing = "ROUND_ROBIN"
# - sticky_session = false # activates sticky sessions for this cluster
# - https_redirect = false # activates automatic redirection to HTTPS for this cluster
# - custom_tag: a tag to retrieve a frontend with the CLI or in the logs
# - deny_traffic: return a 401 for this frontend (defaults to false)
frontends = [
{ address = "0.0.0.0:8080", hostname = "lolcatho.st", tags = { key = "value" }, path = "/api" },
# HTTPS frontends also have an optional `tls_versions` key like the HTTPS listeners
41 changes: 16 additions & 25 deletions bin/src/cli.rs
Expand Up @@ -403,27 +403,6 @@ pub enum FrontendCmd {
},
}

#[derive(Subcommand, PartialEq, Eq, Clone, Debug)]
pub enum ClusterId {
/// traffic will go to the backend servers with this cluster id
Id {
/// traffic will go to the backend servers with this cluster id
id: String,
},
/// traffic to this frontend will be rejected with HTTP 401
Deny,
}

#[allow(clippy::from_over_into)]
impl std::convert::Into<Option<StateClusterId>> for ClusterId {
fn into(self) -> Option<StateClusterId> {
match self {
ClusterId::Deny => None,
ClusterId::Id { id } => Some(id),
}
}
}

#[derive(Subcommand, PartialEq, Eq, Clone, Debug)]
pub enum HttpFrontendCmd {
#[clap(name = "add")]
Expand All @@ -434,8 +413,8 @@ pub enum HttpFrontendCmd {
help = "frontend address, format: IP:port"
)]
address: SocketAddr,
#[clap(subcommand, name = "cluster_id")]
cluster_id: ClusterId,
#[clap(short = 'i', long = "cluster-id", help = "identifies a cluster")]
cluster_id: String,
#[clap(long = "hostname", aliases = &["host"])]
hostname: String,
#[clap(short = 'p', long = "path-prefix", help = "URL prefix of the frontend")]
Expand All @@ -454,6 +433,12 @@ pub enum HttpFrontendCmd {
method: Option<String>,
#[clap(long = "tags", help = "Specify tag (key-value pair) to apply on front-end (example: 'key=value, other-key=other-value')", value_parser = parse_tags)]
tags: Option<BTreeMap<String, String>>,
#[clap(
short = 'd',
long = "deny-traffic",
help = "send a 401 on this address"
)]
deny_traffic: Option<bool>,
},
#[clap(name = "remove")]
Remove {
Expand All @@ -463,8 +448,8 @@ pub enum HttpFrontendCmd {
help = "frontend address, format: IP:port"
)]
address: SocketAddr,
#[clap(subcommand, name = "cluster_id")]
cluster_id: ClusterId,
#[clap(short = 'i', long = "cluster-id", help = "identifies a cluster")]
cluster_id: String,
#[clap(long = "hostname", aliases = &["host"])]
hostname: String,
#[clap(short = 'p', long = "path-prefix", help = "URL prefix of the frontend")]
Expand Down Expand Up @@ -506,6 +491,12 @@ pub enum TcpFrontendCmd {
value_parser = parse_tags
)]
tags: Option<BTreeMap<String, String>>,
#[clap(
short = 'd',
long = "deny-traffic",
help = "send a 401 on this address"
)]
deny_traffic: Option<bool>,
},
#[clap(name = "remove")]
Remove {
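Review bot: The help text `send a 401 on this address` on the new `deny_traffic` argument of `TcpFrontendCmd::Add` names an HTTP status, which a raw TCP frontend cannot return; the same wording appears in the `deny_traffic` doc comment on `TcpFrontend` in command/src/response.rs. Both should state what happens to a denied TCP connection, which this page does not show. Separately, as far as I can tell an `Option<bool>` field makes clap require an explicit value (`--deny-traffic true`); if a bare switch is intended, declaring it as `deny_traffic: bool` lets clap treat it as a flag and removes the `unwrap_or(false)` in the request builder. Both enums continue outside the visible hunks.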
20 changes: 4 additions & 16 deletions bin/src/ctl/display.rs
Expand Up @@ -150,10 +150,7 @@ pub fn print_frontend_list(frontends: ListedFrontends) {
]);
for http_frontend in frontends.http_frontends.iter() {
table.add_row(row!(
http_frontend
.cluster_id
.clone()
.unwrap_or("Deny".to_owned()),
http_frontend.cluster_id,
http_frontend.address.to_string(),
http_frontend.hostname.to_string(),
format!("{:?}", http_frontend.path),
Expand Down Expand Up @@ -181,10 +178,7 @@ pub fn print_frontend_list(frontends: ListedFrontends) {
]);
for https_frontend in frontends.https_frontends.iter() {
table.add_row(row!(
https_frontend
.cluster_id
.clone()
.unwrap_or("Deny".to_owned()),
https_frontend.cluster_id,
https_frontend.address.to_string(),
https_frontend.hostname.to_string(),
format!("{:?}", https_frontend.path),
Expand Down Expand Up @@ -516,10 +510,7 @@ pub fn print_cluster_responses(

for (key, values) in http_frontends.iter() {
let mut row = Vec::new();
match &key.cluster_id {
Some(cluster_id) => row.push(cell!(cluster_id)),
None => row.push(cell!("-")),
}
row.push(cell!(key.cluster_id));
row.push(cell!(key.hostname));
row.push(cell!(key.path));

Expand All @@ -540,10 +531,7 @@ pub fn print_cluster_responses(

for (key, values) in https_frontends.iter() {
let mut row = Vec::new();
match &key.cluster_id {
Some(cluster_id) => row.push(cell!(cluster_id)),
None => row.push(cell!("-")),
}
row.push(cell!(key.cluster_id));
row.push(cell!(key.hostname));
row.push(cell!(key.path));

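Review bot: The frontend tables no longer show whether a frontend denies traffic: the old `unwrap_or("Deny".to_owned())` and `None => row.push(cell!("-"))` cells were the only deny indicator, and the new rows print only `cluster_id`. An operator listing frontends can no longer tell a denying frontend from a routing one. If the listed entries expose the new field (response.rs adds `deny_traffic` to `HttpFrontend`; the element types here are not visible), add a cell such as `http_frontend.deny_traffic.to_string()` with a matching header column. The `row!` calls and the table headers start outside these hunks.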
24 changes: 17 additions & 7 deletions bin/src/ctl/request_builder.rs
Expand Up @@ -172,11 +172,17 @@ impl CommandManager {

pub fn tcp_frontend_command(&mut self, cmd: TcpFrontendCmd) -> anyhow::Result<()> {
match cmd {
TcpFrontendCmd::Add { id, address, tags } => self.send_request(
TcpFrontendCmd::Add {
id,
address,
tags,
deny_traffic,
} => self.send_request(
RequestType::AddTcpFrontend(RequestTcpFrontend {
cluster_id: id,
address: address.to_string(),
tags: tags.unwrap_or(BTreeMap::new()),
deny_traffic: deny_traffic.unwrap_or(false),
})
.into(),
),
Expand All @@ -202,6 +208,7 @@ impl CommandManager {
method,
cluster_id: route,
tags,
deny_traffic,
} => self.send_request(
RequestType::AddHttpFrontend(RequestHttpFrontend {
cluster_id: route.into(),
Expand All @@ -214,6 +221,7 @@ impl CommandManager {
Some(tags) => tags,
None => BTreeMap::new(),
},
deny_traffic: deny_traffic.unwrap_or(false),
})
.into(),
),
Expand All @@ -224,10 +232,10 @@ impl CommandManager {
path_equals,
address,
method,
cluster_id: route,
cluster_id,
} => self.send_request(
RequestType::RemoveHttpFrontend(RequestHttpFrontend {
cluster_id: route.into(),
cluster_id,
address: address.to_string(),
hostname,
path: PathRule::from_cli_options(path_prefix, path_regex, path_equals),
Expand All @@ -248,11 +256,12 @@ impl CommandManager {
path_equals,
address,
method,
cluster_id: route,
cluster_id,
tags,
deny_traffic,
} => self.send_request(
RequestType::AddHttpsFrontend(RequestHttpFrontend {
cluster_id: route.into(),
cluster_id,
address: address.to_string(),
hostname,
path: PathRule::from_cli_options(path_prefix, path_regex, path_equals),
Expand All @@ -262,6 +271,7 @@ impl CommandManager {
Some(tags) => tags,
None => BTreeMap::new(),
},
deny_traffic: deny_traffic.unwrap_or(false),
})
.into(),
),
Expand All @@ -272,10 +282,10 @@ impl CommandManager {
path_equals,
address,
method,
cluster_id: route,
cluster_id,
} => self.send_request(
RequestType::RemoveHttpsFrontend(RequestHttpFrontend {
cluster_id: route.into(),
cluster_id,
address: address.to_string(),
hostname,
path: PathRule::from_cli_options(path_prefix, path_regex, path_equals),
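Review bot: The HTTP `Add` arm still binds `cluster_id: route` and builds the request with `cluster_id: route.into()`, while the HTTP `Remove` arm and both HTTPS arms were changed to bind `cluster_id` directly. With `cluster_id` now a plain `String` in cli.rs, that `.into()` looks like a `String`-to-`String` conversion left over from the removed `ClusterId` enum (assuming the request field is a `String`, as the .proto change suggests). For consistency, bind `cluster_id,` in the pattern and pass `cluster_id,` in the struct literal. The match arms start and end outside the hunks.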
6 changes: 4 additions & 2 deletions command/src/command.proto
Expand Up @@ -209,22 +209,24 @@ message ListenersList {

// An HTTP or HTTPS frontend, as order to, or received from, Sōzu
message RequestHttpFrontend {
optional string cluster_id = 1;
required string address = 2;
required string hostname = 3;
required PathRule path = 4;
optional string method = 5;
required RulePosition position = 6 [default = TREE];
// custom tags to identify the frontend in the access logs
map<string, string> tags = 7;
required string cluster_id = 8;
required bool deny_traffic = 9 [default = false];
}

message RequestTcpFrontend {
required string cluster_id = 1;
// the socket address on which to listen for incoming traffic
required string address = 2;
// custom tags to identify the frontend in the access logs
map<string, string> tags = 3;
required string cluster_id = 4;
required bool deny_traffic = 5 [default = false];
}

// list the frontends, filtered by protocol and/or domain
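Review bot: Field number 1 is dropped from both `RequestHttpFrontend` and `RequestTcpFrontend` without being reserved, and the replacement `cluster_id` (8 and 4) and the new `deny_traffic` (9 and 5) are all `required`. A message from an older sender, or any stored copy if requests are persisted in this encoding (not visible on this page), carries `cluster_id` in field 1 and no `deny_traffic`, so a decoder that enforces required fields will reject it; nothing prevents a later edit from reusing number 1 with a different meaning. Add `reserved 1;` to both messages, and consider `optional bool deny_traffic = 9 [default = false];` (and `= 5` for TCP) so an absent flag decodes as false. An old deny frontend with no `cluster_id` would still fail on the required `cluster_id`, so it could not silently become a routing frontend.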
12 changes: 10 additions & 2 deletions command/src/config.rs
Expand Up @@ -657,6 +657,7 @@ pub struct FileClusterFrontendConfig {
#[serde(default)]
pub position: RulePosition,
pub tags: Option<BTreeMap<String, String>>,
pub deny_traffic: Option<bool>,
}

impl FileClusterFrontendConfig {
Expand Down Expand Up @@ -686,6 +687,7 @@ impl FileClusterFrontendConfig {
Ok(TcpFrontendConfig {
address: self.address,
tags: self.tags.clone(),
deny_traffic: self.deny_traffic,
})
}

Expand Down Expand Up @@ -742,6 +744,7 @@ impl FileClusterFrontendConfig {
path,
method: self.method.clone(),
tags: self.tags.clone(),
deny_traffic: self.deny_traffic,
})
}
}
Expand Down Expand Up @@ -892,6 +895,7 @@ pub struct HttpFrontendConfig {
#[serde(default)]
pub position: RulePosition,
pub tags: Option<BTreeMap<String, String>>,
pub deny_traffic: Option<bool>,
}

impl HttpFrontendConfig {
Expand Down Expand Up @@ -921,27 +925,29 @@ impl HttpFrontendConfig {

v.push(
RequestType::AddHttpsFrontend(RequestHttpFrontend {
cluster_id: Some(cluster_id.to_string()),
cluster_id: cluster_id.to_string(),
address: self.address.to_string(),
hostname: self.hostname.clone(),
path: self.path.clone(),
method: self.method.clone(),
position: self.position.into(),
tags,
deny_traffic: self.deny_traffic.unwrap_or(false),
})
.into(),
);
} else {
//create the front both for HTTP and HTTPS if possible
v.push(
RequestType::AddHttpFrontend(RequestHttpFrontend {
cluster_id: Some(cluster_id.to_string()),
cluster_id: cluster_id.to_string(),
address: self.address.to_string(),
hostname: self.hostname.clone(),
path: self.path.clone(),
method: self.method.clone(),
position: self.position.into(),
tags,
deny_traffic: self.deny_traffic.unwrap_or(false),
})
.into(),
);
Expand Down Expand Up @@ -1010,6 +1016,7 @@ impl HttpClusterConfig {
pub struct TcpFrontendConfig {
pub address: SocketAddr,
pub tags: Option<BTreeMap<String, String>>,
pub deny_traffic: Option<bool>,
}

#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
Expand Down Expand Up @@ -1042,6 +1049,7 @@ impl TcpClusterConfig {
cluster_id: self.cluster_id.clone(),
address: frontend.address.to_string(),
tags: frontend.tags.clone().unwrap_or(BTreeMap::new()),
deny_traffic: frontend.deny_traffic.unwrap_or(false),
})
.into(),
);
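Review bot: The new `pub deny_traffic: Option<bool>` fields on `FileClusterFrontendConfig`, `HttpFrontendConfig` and `TcpFrontendConfig` have no doc comment, and the meaning of `None` is only visible at the call sites as `unwrap_or(false)`. Add a doc comment to each field, for example `/// deny traffic on this frontend; None is treated as false`. The default is applied separately in the HTTPS, HTTP and TCP request constructions, so stating it on the field helps keep the three from drifting apart. The structs and impl blocks continue outside the hunks.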
1 change: 1 addition & 0 deletions command/src/request.rs
Expand Up @@ -151,6 +151,7 @@ impl RequestHttpFrontend {
}
})?,
tags: Some(self.tags),
deny_traffic: self.deny_traffic,
})
}
}
9 changes: 7 additions & 2 deletions command/src/response.rs
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,7 @@ impl Response {
/// An HTTP or HTTPS frontend, as used *within* Sōzu
#[derive(Debug, Clone, PartialOrd, Ord, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub struct HttpFrontend {
/// Send a 401, DENY, if cluster_id is None
pub cluster_id: Option<ClusterId>,
pub cluster_id: ClusterId,
pub address: SocketAddr,
pub hostname: String,
#[serde(default)]
Expand All @@ -39,6 +38,8 @@ pub struct HttpFrontend {
#[serde(default)]
pub position: RulePosition,
pub tags: Option<BTreeMap<String, String>>,
/// Send a 401, DENY, if true
pub deny_traffic: bool,
}

impl From<HttpFrontend> for RequestHttpFrontend {
Expand All @@ -55,6 +56,7 @@ impl From<HttpFrontend> for RequestHttpFrontend {
method: val.method,
position: val.position.into(),
tags,
deny_traffic: val.deny_traffic,
}
}
}
Expand Down Expand Up @@ -148,6 +150,8 @@ pub struct TcpFrontend {
pub address: SocketAddr,
/// custom tags to identify the frontend in the access logs
pub tags: BTreeMap<String, String>,
/// Send a 401, DENY, if true
pub deny_traffic: bool,
}

impl From<TcpFrontend> for RequestTcpFrontend {
Expand All @@ -156,6 +160,7 @@ impl From<TcpFrontend> for RequestTcpFrontend {
cluster_id: val.cluster_id,
address: val.address.to_string(),
tags: val.tags,
deny_traffic: val.deny_traffic,
}
}
}
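Review bot: `pub deny_traffic: bool` is added to `HttpFrontend`, which derives `Deserialize`, without `#[serde(default)]`, unlike the neighbouring `position` field; the same field is added to `TcpFrontend`, whose derives are outside the hunk. Any previously serialized frontend lacks this key and would fail to deserialize; whether such data exists (a saved state, for instance) is not visible here. Adding `#[serde(default)]` above the new field would load it as false. Entries stored with a null `cluster_id` (the old deny encoding) would still be rejected because `cluster_id` is no longer an `Option`, so they need an explicit migration rather than being loaded as routing frontends.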