forked from hswaw/hscloud
go/mirko: add GetRemoteHTTPClient
Change-Id: Icf1ec5c28ea487e62a23590069042c5b9edad846
This commit is contained in:
parent
e17f7edde0
commit
13c90f0fe6
3 changed files with 150 additions and 1 deletions
|
@ -1,10 +1,11 @@
|
|||
load("@io_bazel_rules_go//go:def.bzl", "go_library")
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = [
|
||||
"kubernetes.go",
|
||||
"mirko.go",
|
||||
"revproxy.go",
|
||||
"sql.go",
|
||||
"sql_migrations.go",
|
||||
"trace.go",
|
||||
|
@ -24,3 +25,10 @@ go_library(
|
|||
"@org_golang_x_net//trace:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
go_test(
|
||||
name = "go_default_test",
|
||||
srcs = ["revproxy_test.go"],
|
||||
embed = [":go_default_library"],
|
||||
deps = ["@io_k8s_client_go//kubernetes:go_default_library"],
|
||||
)
|
||||
|
|
66
go/mirko/revproxy.go
Normal file
66
go/mirko/revproxy.go
Normal file
|
@ -0,0 +1,66 @@
|
|||
package mirko
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// parsePort parses a string as a port number from 1 to 65535.
|
||||
func parsePort(s string) (uint16, error) {
|
||||
port, err := strconv.ParseUint(s, 10, 16)
|
||||
if err != nil {
|
||||
return 0, fmt.Errorf("could not parse port %q: %v", s, err)
|
||||
}
|
||||
if port < 1 || port > 65535 {
|
||||
return 0, fmt.Errorf("port %d out of range", port)
|
||||
}
|
||||
return uint16(port), nil
|
||||
}
|
||||
|
||||
// GetHTTPRemoteClient returns the IP address and source port of the client
|
||||
// initiating the given HTTP request. This will either interpret the remote
|
||||
// side of the HTTP connection if not running within a cluster, or the source
|
||||
// IP/port as reported by the cluster reverse proxy (nginx-ingress-controller).
|
||||
// An error will be returned if the request is unparseable for this data. In
|
||||
// this case, the caller should assume that the environment is misconfigured,
|
||||
// and that the client source cannot be deduced.
|
||||
func GetHTTPRemoteClient(r *http.Request) (net.IP, uint16, error) {
|
||||
if KubernetesClient() == nil {
|
||||
// We're not running inside a cluster (we're probably running on a dev
|
||||
// machine), so just return whatever net/http says.
|
||||
|
||||
host, portStr, err := net.SplitHostPort(r.RemoteAddr)
|
||||
if err != nil {
|
||||
return nil, 0, fmt.Errorf("could not split hostport: %v", err)
|
||||
}
|
||||
ip := net.ParseIP(host)
|
||||
if ip == nil {
|
||||
return nil, 0, fmt.Errorf("could not parse host %q to IP address", host)
|
||||
}
|
||||
port, err := parsePort(portStr)
|
||||
if err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
return ip, uint16(port), nil
|
||||
}
|
||||
|
||||
// We are running in a cluster, so we can expect Hscloud-* headers.
|
||||
// These are configured in the nginx-ingress-controller, //cluster/kube/lib/nginx.libsonnet.
|
||||
nsip := strings.TrimSpace(r.Header.Get("Hscloud-Nic-Source-IP"))
|
||||
nsport := strings.TrimSpace(r.Header.Get("Hscloud-Nic-Source-Port"))
|
||||
if nsip == "" || nsport == "" {
|
||||
return nil, 0, fmt.Errorf("Hscloud-Nic-* headers not set")
|
||||
}
|
||||
ip := net.ParseIP(nsip)
|
||||
if ip == nil {
|
||||
return nil, 0, fmt.Errorf("Invalid Hscloud-Nix-Source-IP %q", nsip)
|
||||
}
|
||||
port, err := parsePort(nsport)
|
||||
if err != nil {
|
||||
return nil, 0, fmt.Errorf("Invalid Hscloud-Nix-Source-Port: %v", err)
|
||||
}
|
||||
return ip, port, nil
|
||||
}
|
75
go/mirko/revproxy_test.go
Normal file
75
go/mirko/revproxy_test.go
Normal file
|
@ -0,0 +1,75 @@
|
|||
package mirko
|
||||
|
||||
import (
|
||||
"net"
|
||||
"net/http"
|
||||
"testing"
|
||||
|
||||
"k8s.io/client-go/kubernetes"
|
||||
)
|
||||
|
||||
// TestHTTPRemoteClient exercises GetHTTPRemoteClient.
|
||||
func TestHTTPRemoteClient(t *testing.T) {
|
||||
for i, te := range []struct {
|
||||
// k8s is whether GetHTTPRemoteClient should see itself as running in
|
||||
// production.
|
||||
k8s bool
|
||||
r *http.Request
|
||||
wantIP net.IP
|
||||
wantPort uint16
|
||||
}{
|
||||
// 0: No headers set, outside cluseter - should work as expected.
|
||||
{false, &http.Request{RemoteAddr: "1.2.3.4:1234", Header: map[string][]string{}}, net.IPv4(1, 2, 3, 4), 1234},
|
||||
// 1: No headers set, in cluseter - should fail.
|
||||
{true, &http.Request{RemoteAddr: "1.2.3.4:1234", Header: map[string][]string{}}, nil, 0},
|
||||
// 2: Headers set, outside cluster - should parse request, not headers.
|
||||
{false, &http.Request{RemoteAddr: "1.2.3.4:1234", Header: map[string][]string{
|
||||
"Hscloud-Nic-Source-Ip": []string{"2.3.4.5"},
|
||||
"Hscloud-Nic-Source-Port": []string{"2345"},
|
||||
}}, net.IPv4(1, 2, 3, 4), 1234},
|
||||
// 3: Headers set, in cluster - should parse headers, not request.
|
||||
{true, &http.Request{RemoteAddr: "1.2.3.4:1234", Header: map[string][]string{
|
||||
"Hscloud-Nic-Source-Ip": []string{"2.3.4.5"},
|
||||
"Hscloud-Nic-Source-Port": []string{"2345"},
|
||||
}}, net.IPv4(2, 3, 4, 5), 2345},
|
||||
|
||||
// 4: Test IPv6 parsing.
|
||||
{false, &http.Request{RemoteAddr: "[2a0d:eb00::42]:1234", Header: map[string][]string{}},
|
||||
net.IP([]byte{0x2a, 0x0d, 0xeb, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x42}), 1234},
|
||||
|
||||
// 5: Test broken IPv6.
|
||||
{false, &http.Request{RemoteAddr: "2a0d:eb00::42:1234", Header: map[string][]string{}}, nil, 0},
|
||||
// 6: Test broken IPv6.
|
||||
{false, &http.Request{RemoteAddr: "2a0d:eb00::42", Header: map[string][]string{}}, nil, 0},
|
||||
// 7: Test broken IPv6.
|
||||
{false, &http.Request{RemoteAddr: "2a0d:80", Header: map[string][]string{}}, nil, 0},
|
||||
|
||||
// 8: Test broken port.
|
||||
{false, &http.Request{RemoteAddr: "1.2.3.4", Header: map[string][]string{}}, nil, 0},
|
||||
// 9: Test broken port.
|
||||
{false, &http.Request{RemoteAddr: "1.2.3.4:0", Header: map[string][]string{}}, nil, 0},
|
||||
} {
|
||||
kubernetesCSMu.Lock()
|
||||
if te.k8s {
|
||||
kubernetesCS = &kubernetes.Clientset{}
|
||||
} else {
|
||||
kubernetesCS = nil
|
||||
}
|
||||
kubernetesCSValid = true
|
||||
kubernetesCSMu.Unlock()
|
||||
|
||||
gotIP, gotPort, err := GetHTTPRemoteClient(te.r)
|
||||
if err == nil {
|
||||
if want, got := te.wantIP, gotIP; !want.Equal(got) {
|
||||
t.Errorf("%d: wanted IP %v, got %v", i, want, got)
|
||||
}
|
||||
if want, got := te.wantPort, gotPort; want != got {
|
||||
t.Errorf("%d: wanted port %d, got %d", i, want, got)
|
||||
}
|
||||
} else {
|
||||
if te.wantIP != nil || te.wantPort != 0 {
|
||||
t.Errorf("%d: wanted %v %d, got failure", te.wantIP, te.wantPort)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue