Cleanup and minor refactor make readability easier
This commit is contained in:
parent
d4f86ac26d
commit
683cc2fd4a
|
@ -158,7 +158,6 @@ func testRequest(t *testing.T, url string, stream io.ReadWriter) *http.Request {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBastionDestination(t *testing.T) {
|
func TestBastionDestination(t *testing.T) {
|
||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
header http.Header
|
header http.Header
|
||||||
|
|
|
@ -54,7 +54,7 @@ func (ing Ingress) FindMatchingRule(hostname, path string, cfJumpDestinationHead
|
||||||
for i, rule := range ing.Rules {
|
for i, rule := range ing.Rules {
|
||||||
// If bastion mode is turned on and request is made as bastion, attempt
|
// If bastion mode is turned on and request is made as bastion, attempt
|
||||||
// to match a rule where jump destination header matches the hostname
|
// to match a rule where jump destination header matches the hostname
|
||||||
if rule.Config.BastionMode && len(cfJumpDestinationHeader) > 0 {
|
if matchBastionDest(rule, cfJumpDestinationHeader) {
|
||||||
jumpDestinationUri, err := url.Parse(cfJumpDestinationHeader)
|
jumpDestinationUri, err := url.Parse(cfJumpDestinationHeader)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
derivedHostName = jumpDestinationUri.Hostname()
|
derivedHostName = jumpDestinationUri.Hostname()
|
||||||
|
@ -69,6 +69,10 @@ func (ing Ingress) FindMatchingRule(hostname, path string, cfJumpDestinationHead
|
||||||
return &ing.Rules[i], i
|
return &ing.Rules[i], i
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func matchBastionDest(rule Rule, cfJumpDestinationHeader string) bool {
|
||||||
|
return rule.Config.BastionMode && len(cfJumpDestinationHeader) > 0 && rule.Service != nil && rule.Service.String() != config.BastionFlag
|
||||||
|
}
|
||||||
|
|
||||||
func matchHost(ruleHost, reqHost string) bool {
|
func matchHost(ruleHost, reqHost string) bool {
|
||||||
if ruleHost == reqHost {
|
if ruleHost == reqHost {
|
||||||
return true
|
return true
|
||||||
|
|
|
@ -90,18 +90,27 @@ func (p *Proxy) ProxyHTTP(
|
||||||
rule, ruleNum := p.ingressRules.FindMatchingRule(req.Host, req.URL.Path, req.Header.Get(carrier.CFJumpDestinationHeader))
|
rule, ruleNum := p.ingressRules.FindMatchingRule(req.Host, req.URL.Path, req.Header.Get(carrier.CFJumpDestinationHeader))
|
||||||
ruleSpan.SetAttributes(attribute.Int("rule-num", ruleNum))
|
ruleSpan.SetAttributes(attribute.Int("rule-num", ruleNum))
|
||||||
ruleSpan.End()
|
ruleSpan.End()
|
||||||
|
|
||||||
logger := newHTTPLogger(p.log, tr.ConnIndex, req, ruleNum, rule.Service.String())
|
logger := newHTTPLogger(p.log, tr.ConnIndex, req, ruleNum, rule.Service.String())
|
||||||
logHTTPRequest(&logger, req)
|
logHTTPRequest(&logger, req)
|
||||||
|
|
||||||
if err, applied := p.applyIngressMiddleware(rule, req, w); err != nil {
|
if err, applied := p.applyIngressMiddleware(rule, req, w); err != nil {
|
||||||
if applied {
|
if applied {
|
||||||
logRequestError(&logger, err)
|
logRequestError(&logger, err)
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if config is for Bastion Mode and service is a stream based origin proxy, if so stream service in bastion mode
|
if _, isStreamBased := rule.Service.(ingress.StreamBasedOriginProxy); isStreamBased || rule.Config.BastionMode {
|
||||||
if _, ok := rule.Service.(ingress.StreamBasedOriginProxy); ok || rule.Config.BastionMode {
|
return p.handleStreamBasedService(rule, req, w, tr, &logger)
|
||||||
|
}
|
||||||
|
|
||||||
|
return p.handleHTTPBasedService(rule, req, w, tr, isWebsocket, &logger)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *Proxy) handleStreamBasedService(rule *ingress.Rule, req *http.Request, w connection.ResponseWriter, tr *tracing.TracedHTTPRequest, logger *zerolog.Logger) error {
|
||||||
|
// If in bastion mode, we need to resolve the destination from the request, so service like http_status:404
|
||||||
|
// won't work since it doesn't have EstablishConnection method to resolve the destination
|
||||||
if _, ok := rule.Service.(ingress.StreamBasedOriginProxy); !ok && rule.Config.BastionMode {
|
if _, ok := rule.Service.(ingress.StreamBasedOriginProxy); !ok && rule.Config.BastionMode {
|
||||||
return fmt.Errorf("Unsupported service to stream to in bastion mode: %s", rule.Service)
|
return fmt.Errorf("Unsupported service to stream to in bastion mode: %s", rule.Service)
|
||||||
}
|
}
|
||||||
|
@ -115,36 +124,28 @@ func (p *Proxy) ProxyHTTP(
|
||||||
if !ok {
|
if !ok {
|
||||||
return fmt.Errorf("response writer is not a flusher")
|
return fmt.Errorf("response writer is not a flusher")
|
||||||
}
|
}
|
||||||
|
|
||||||
rws := connection.NewHTTPResponseReadWriterAcker(w, flusher, req)
|
rws := connection.NewHTTPResponseReadWriterAcker(w, flusher, req)
|
||||||
logger := logger.With().Str(logFieldDestAddr, dest).Logger()
|
if err := p.proxyStream(tr.ToTracedContext(), rws, dest, rule.Service.(ingress.StreamBasedOriginProxy), logger); err != nil {
|
||||||
// We know that Bastion mode is supported by StreamBasedOriginProxy, hence use the same
|
logRequestError(logger, err)
|
||||||
if err := p.proxyStream(tr.ToTracedContext(), rws, dest, rule.Service.(ingress.StreamBasedOriginProxy), &logger); err != nil {
|
|
||||||
logRequestError(&logger, err)
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p *Proxy) handleHTTPBasedService(rule *ingress.Rule, req *http.Request, w connection.ResponseWriter, tr *tracing.TracedHTTPRequest, isWebsocket bool, logger *zerolog.Logger) error {
|
||||||
switch originProxy := rule.Service.(type) {
|
switch originProxy := rule.Service.(type) {
|
||||||
case ingress.HTTPOriginProxy:
|
case ingress.HTTPOriginProxy:
|
||||||
if err := p.proxyHTTPRequest(
|
if err := p.proxyHTTPRequest(w, tr, originProxy, isWebsocket, rule.Config.DisableChunkedEncoding, logger); err != nil {
|
||||||
w,
|
logRequestError(logger, err)
|
||||||
tr,
|
|
||||||
originProxy,
|
|
||||||
isWebsocket,
|
|
||||||
rule.Config.DisableChunkedEncoding,
|
|
||||||
&logger,
|
|
||||||
); err != nil {
|
|
||||||
logRequestError(&logger, err)
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return nil
|
|
||||||
case ingress.HTTPLocalProxy:
|
case ingress.HTTPLocalProxy:
|
||||||
p.proxyLocalRequest(originProxy, w, req, isWebsocket)
|
p.proxyLocalRequest(originProxy, w, req, isWebsocket)
|
||||||
return nil
|
|
||||||
default:
|
default:
|
||||||
return fmt.Errorf("Unrecognized service: %s, %t", rule.Service, originProxy)
|
return fmt.Errorf("Unrecognized service: %s, %t", rule.Service, originProxy)
|
||||||
}
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ProxyTCP proxies to a TCP connection between the origin service and cloudflared.
|
// ProxyTCP proxies to a TCP connection between the origin service and cloudflared.
|
||||||
|
|
Loading…
Reference in New Issue