Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove deny rule, enforce cluster checks when adding frontends and backends #997

Closed
wants to merge 5 commits into from
Closed

Remove deny rule, enforce cluster checks when adding frontends and backends #997

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5bb3645
remove deny rule for frontends without cluster
Keksoj Sep 22, 2023
8b8be0c
cluster must be present when adding a frontend
Keksoj Sep 22, 2023
386446f
cluster must be present when adding a backend
Keksoj Sep 22, 2023
8f135c8
delete frontends and backends when deleting the parent cluster
Keksoj Sep 22, 2023
e96b0d0
warning when cluster is absent for a backend or frontend to add
Keksoj Sep 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 5 additions & 29 deletions bin/src/cli.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,7 @@ use std::{collections::BTreeMap, net::SocketAddr};

use clap::{Parser, Subcommand};

use sozu_command_lib::{
proto::command::{LoadBalancingAlgorithms, TlsVersion},
state::ClusterId as StateClusterId,
};
use sozu_command_lib::proto::command::{LoadBalancingAlgorithms, TlsVersion};

#[derive(Parser, PartialEq, Eq, Clone, Debug)]
#[clap(author, version, about)]
Expand Down Expand Up @@ -403,27 +400,6 @@ pub enum FrontendCmd {
},
}

#[derive(Subcommand, PartialEq, Eq, Clone, Debug)]
pub enum ClusterId {
/// traffic will go to the backend servers with this cluster id
Id {
/// traffic will go to the backend servers with this cluster id
id: String,
},
/// traffic to this frontend will be rejected with HTTP 401
Deny,
}

#[allow(clippy::from_over_into)]
impl std::convert::Into<Option<StateClusterId>> for ClusterId {
fn into(self) -> Option<StateClusterId> {
match self {
ClusterId::Deny => None,
ClusterId::Id { id } => Some(id),
}
}
}

#[derive(Subcommand, PartialEq, Eq, Clone, Debug)]
pub enum HttpFrontendCmd {
#[clap(name = "add")]
Expand All @@ -434,8 +410,8 @@ pub enum HttpFrontendCmd {
help = "frontend address, format: IP:port"
)]
address: SocketAddr,
#[clap(subcommand, name = "cluster_id")]
cluster_id: ClusterId,
#[clap(short = 'i', long = "id", help = "The id of the associated cluster")]
cluster_id: String,
#[clap(long = "hostname", aliases = &["host"])]
hostname: String,
#[clap(short = 'p', long = "path-prefix", help = "URL prefix of the frontend")]
Expand Down Expand Up @@ -463,8 +439,8 @@ pub enum HttpFrontendCmd {
help = "frontend address, format: IP:port"
)]
address: SocketAddr,
#[clap(subcommand, name = "cluster_id")]
cluster_id: ClusterId,
#[clap(short = 'i', long = "id", help = "The id of the associated cluster")]
cluster_id: String,
#[clap(long = "hostname", aliases = &["host"])]
hostname: String,
#[clap(short = 'p', long = "path-prefix", help = "URL prefix of the frontend")]
Expand Down
48 changes: 28 additions & 20 deletions bin/src/command/requests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -226,27 +226,35 @@ impl CommandServer {
for request in requests {
message_counter += 1;

if self.state.dispatch(&request.content).is_ok() {
diff_counter += 1;

let mut found = false;
let id = format!("LOAD-STATE-{}-{diff_counter}", request.id);

for worker in
self.workers.iter_mut().filter(|worker| worker.is_active())
{
let worker_message_id = format!("{}-{}", id, worker.id);
worker
.send(worker_message_id.clone(), request.content.clone())
.await;
self.in_flight
.insert(worker_message_id, (load_state_tx.clone(), 1));

found = true;
match self.state.dispatch(&request.content) {
Ok(()) => {
diff_counter += 1;

let mut found = false;
let id = format!("LOAD-STATE-{}-{diff_counter}", request.id);

for worker in
self.workers.iter_mut().filter(|worker| worker.is_active())
{
let worker_message_id = format!("{}-{}", id, worker.id);
worker
.send(worker_message_id.clone(), request.content.clone())
.await;
self.in_flight
.insert(worker_message_id, (load_state_tx.clone(), 1));

found = true;
}

if !found {
bail!("no worker found");
}
}

if !found {
bail!("no worker found");
Err(e) => {
warn!(
"Request {} could not be dispatched on the state: {}",
request, e
);
}
}
}
Expand Down
20 changes: 4 additions & 16 deletions bin/src/ctl/display.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,10 +150,7 @@ pub fn print_frontend_list(frontends: ListedFrontends) {
]);
for http_frontend in frontends.http_frontends.iter() {
table.add_row(row!(
http_frontend
.cluster_id
.clone()
.unwrap_or("Deny".to_owned()),
http_frontend.cluster_id,
http_frontend.address.to_string(),
http_frontend.hostname.to_string(),
format!("{:?}", http_frontend.path),
Expand Down Expand Up @@ -181,10 +178,7 @@ pub fn print_frontend_list(frontends: ListedFrontends) {
]);
for https_frontend in frontends.https_frontends.iter() {
table.add_row(row!(
https_frontend
.cluster_id
.clone()
.unwrap_or("Deny".to_owned()),
https_frontend.cluster_id,
https_frontend.address.to_string(),
https_frontend.hostname.to_string(),
format!("{:?}", https_frontend.path),
Expand Down Expand Up @@ -514,10 +508,7 @@ pub fn print_cluster_responses(

for (key, values) in http_frontends.iter() {
let mut row = Vec::new();
match &key.cluster_id {
Some(cluster_id) => row.push(cell!(cluster_id)),
None => row.push(cell!("-")),
}
row.push(cell!(key.cluster_id));
row.push(cell!(key.hostname));
row.push(cell!(key.path));

Expand All @@ -538,10 +529,7 @@ pub fn print_cluster_responses(

for (key, values) in https_frontends.iter() {
let mut row = Vec::new();
match &key.cluster_id {
Some(cluster_id) => row.push(cell!(cluster_id)),
None => row.push(cell!("-")),
}
row.push(cell!(key.cluster_id));
row.push(cell!(key.hostname));
row.push(cell!(key.path));

Expand Down
16 changes: 8 additions & 8 deletions bin/src/ctl/request_builder.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -200,11 +200,11 @@ impl CommandManager {
path_equals,
address,
method,
cluster_id: route,
cluster_id,
tags,
} => self.send_request(
RequestType::AddHttpFrontend(RequestHttpFrontend {
cluster_id: route.into(),
cluster_id,
address: address.to_string(),
hostname,
path: PathRule::from_cli_options(path_prefix, path_regex, path_equals),
Expand All @@ -224,10 +224,10 @@ impl CommandManager {
path_equals,
address,
method,
cluster_id: route,
cluster_id,
} => self.send_request(
RequestType::RemoveHttpFrontend(RequestHttpFrontend {
cluster_id: route.into(),
cluster_id,
address: address.to_string(),
hostname,
path: PathRule::from_cli_options(path_prefix, path_regex, path_equals),
Expand All @@ -248,11 +248,11 @@ impl CommandManager {
path_equals,
address,
method,
cluster_id: route,
cluster_id,
tags,
} => self.send_request(
RequestType::AddHttpsFrontend(RequestHttpFrontend {
cluster_id: route.into(),
cluster_id,
address: address.to_string(),
hostname,
path: PathRule::from_cli_options(path_prefix, path_regex, path_equals),
Expand All @@ -272,10 +272,10 @@ impl CommandManager {
path_equals,
address,
method,
cluster_id: route,
cluster_id,
} => self.send_request(
RequestType::RemoveHttpsFrontend(RequestHttpFrontend {
cluster_id: route.into(),
cluster_id,
address: address.to_string(),
hostname,
path: PathRule::from_cli_options(path_prefix, path_regex, path_equals),
Expand Down
2 changes: 1 addition & 1 deletion command/src/command.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -209,7 +209,7 @@ message ListenersList {

// An HTTP or HTTPS frontend, as order to, or received from, Sōzu
message RequestHttpFrontend {
optional string cluster_id = 1;
required string cluster_id = 1;
required string address = 2;
required string hostname = 3;
required PathRule path = 4;
Expand Down
4 changes: 2 additions & 2 deletions command/src/config.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -921,7 +921,7 @@ impl HttpFrontendConfig {

v.push(
RequestType::AddHttpsFrontend(RequestHttpFrontend {
cluster_id: Some(cluster_id.to_string()),
cluster_id: cluster_id.to_string(),
address: self.address.to_string(),
hostname: self.hostname.clone(),
path: self.path.clone(),
Expand All @@ -935,7 +935,7 @@ impl HttpFrontendConfig {
//create the front both for HTTP and HTTPS if possible
v.push(
RequestType::AddHttpFrontend(RequestHttpFrontend {
cluster_id: Some(cluster_id.to_string()),
cluster_id: cluster_id.to_string(),
address: self.address.to_string(),
hostname: self.hostname.clone(),
path: self.path.clone(),
Expand Down
3 changes: 1 addition & 2 deletions command/src/response.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,7 @@ impl Response {
/// An HTTP or HTTPS frontend, as used *within* Sōzu
#[derive(Debug, Clone, PartialOrd, Ord, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub struct HttpFrontend {
/// Send a 401, DENY, if cluster_id is None
pub cluster_id: Option<ClusterId>,
pub cluster_id: ClusterId,
pub address: SocketAddr,
pub hostname: String,
#[serde(default)]
Expand Down
Loading