REORG/MINOR: move haproxy maps to haproxy/maps

Author: Mo3m3n

controller/annotations/annotations.go

@@ -11,6 +11,7 @@ import (
 	"github.com/haproxytech/kubernetes-ingress/controller/annotations/ingress"
 	"github.com/haproxytech/kubernetes-ingress/controller/annotations/service"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy"
+	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/maps"
 	"github.com/haproxytech/kubernetes-ingress/controller/store"
 	"github.com/haproxytech/kubernetes-ingress/controller/utils"
 )
@@ -57,7 +58,7 @@ func Defaults(d *models.Defaults) []Annotation {
 	}
 }
 
-func Frontend(i store.Ingress, r *haproxy.Rules, m haproxy.Maps) []Annotation {
+func Frontend(i store.Ingress, r *haproxy.Rules, m maps.MapFiles) []Annotation {
 	reqRateLimit := ingress.NewReqRateLimit(r)
 	httpsRedirect := ingress.NewHTTPSRedirect(r, i)
 	hostRedirect := ingress.NewHostRedirect(r)

controller/annotations/ingress/accessControl.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/haproxytech/kubernetes-ingress/controller/annotations/common"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy"
+	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/maps"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/rules"
 	"github.com/haproxytech/kubernetes-ingress/controller/store"
 	"github.com/haproxytech/kubernetes-ingress/controller/utils"
@@ -15,15 +16,15 @@ import (
 type AccessControl struct {
 	name      string
 	rules     *haproxy.Rules
-	maps      haproxy.Maps
+	maps      maps.MapFiles
 	whitelist bool
 }
 
-func NewBlackList(n string, rules *haproxy.Rules, m haproxy.Maps) *AccessControl {
+func NewBlackList(n string, rules *haproxy.Rules, m maps.MapFiles) *AccessControl {
 	return &AccessControl{name: n, rules: rules, maps: m}
 }
 
-func NewWhiteList(n string, rules *haproxy.Rules, m haproxy.Maps) *AccessControl {
+func NewWhiteList(n string, rules *haproxy.Rules, m maps.MapFiles) *AccessControl {
 	return &AccessControl{name: n, rules: rules, maps: m, whitelist: true}
 }
 
@@ -36,13 +37,13 @@ func (a *AccessControl) Process(k store.K8s, annotations ...map[string]string) (
 	if input == "" {
 		return
 	}
-	var mapName string
+	var mapName maps.Name
 	var whitelist bool
 	if a.whitelist {
-		mapName = "whitelist-" + utils.Hash([]byte(input))
+		mapName = maps.Name("whitelist-" + utils.Hash([]byte(input)))
 		whitelist = true
 	} else {
-		mapName = "blacklist-" + utils.Hash([]byte(input))
+		mapName = maps.Name("blacklist-" + utils.Hash([]byte(input)))
 	}
 	if !a.maps.Exists(mapName) {
 		for _, address := range strings.Split(input, ",") {
@@ -56,7 +57,7 @@ func (a *AccessControl) Process(k store.K8s, annotations ...map[string]string) (
 		}
 	}
 	a.rules.Add(&rules.ReqDeny{
-		SrcIPsMap: mapName,
+		SrcIPsMap: maps.GetPath(mapName),
 		Whitelist: whitelist,
 	})
 	return

controller/configuration/main.go

@@ -20,12 +20,13 @@ import (
 	"path/filepath"
 
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy"
+	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/maps"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/rules"
 	"github.com/haproxytech/kubernetes-ingress/controller/utils"
 )
 
 type ControllerCfg struct {
-	MapFiles        *haproxy.Maps
+	MapFiles        *maps.MapFiles
 	HAProxyRules    haproxy.SectionRules
 	Certificates    *haproxy.Certificates
 	ActiveBackends  map[string]struct{}
@@ -68,7 +69,7 @@ func (c *ControllerCfg) Init() (err error) {
 	if err = c.envInit(); err != nil {
 		return err
 	}
-	c.MapFiles = haproxy.NewMapFiles(c.Env.MapDir)
+	c.MapFiles = maps.New(c.Env.MapDir)
 	if err := c.haproxyRulesInit(); err != nil {
 		return err
 	}
@@ -112,23 +113,23 @@ func (c *ControllerCfg) haproxyRulesInit() error {
 			c.HAProxyRules.AddRule(rules.ReqSetVar{
 				Name:       "host_match",
 				Scope:      "txn",
-				Expression: fmt.Sprintf("var(txn.host),map(%s)", haproxy.GetMapPath(haproxy.MAP_HOST)),
+				Expression: fmt.Sprintf("var(txn.host),map(%s)", maps.GetPath(maps.HOST)),
 			}, false, frontend),
 			c.HAProxyRules.AddRule(rules.ReqSetVar{
 				Name:       "host_match",
 				Scope:      "txn",
-				Expression: fmt.Sprintf("var(txn.host),regsub(^[^.]*,,),map(%s,'')", haproxy.GetMapPath(haproxy.MAP_HOST)),
+				Expression: fmt.Sprintf("var(txn.host),regsub(^[^.]*,,),map(%s,'')", maps.GetPath(maps.HOST)),
 				CondTest:   "!{ var(txn.host_match) -m found }",
 			}, false, frontend),
 			c.HAProxyRules.AddRule(rules.ReqSetVar{
 				Name:       "path_match",
 				Scope:      "txn",
-				Expression: fmt.Sprintf("var(txn.host_match),concat(,txn.path,),map(%s)", haproxy.GetMapPath(haproxy.MAP_PATH_EXACT)),
+				Expression: fmt.Sprintf("var(txn.host_match),concat(,txn.path,),map(%s)", maps.GetPath(maps.PATH_EXACT)),
 			}, false, frontend),
 			c.HAProxyRules.AddRule(rules.ReqSetVar{
 				Name:       "path_match",
 				Scope:      "txn",
-				Expression: fmt.Sprintf("var(txn.host_match),concat(,txn.path,),map_beg(%s)", haproxy.GetMapPath(haproxy.MAP_PATH_PREFIX)),
+				Expression: fmt.Sprintf("var(txn.host_match),concat(,txn.path,),map_beg(%s)", maps.GetPath(maps.PATH_PREFIX)),
 				CondTest:   "!{ var(txn.path_match) -m found }",
 			}, false, frontend),
 		)

controller/handler/https.go

@@ -24,6 +24,7 @@ import (
 	config "github.com/haproxytech/kubernetes-ingress/controller/configuration"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/api"
+	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/maps"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/rules"
 	"github.com/haproxytech/kubernetes-ingress/controller/store"
 	"github.com/haproxytech/kubernetes-ingress/controller/utils"
@@ -195,7 +196,7 @@ func (h HTTPS) enableSSLPassthrough(cfg *config.ControllerCfg, api api.HAProxyCl
 	frontend := models.Frontend{
 		Name:           cfg.FrontSSL,
 		Mode:           "tcp",
-		LogFormat:      "'%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs haproxy.MAP_SNI: %[var(sess.sni)]'",
+		LogFormat:      "'%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs SNI: %[var(sess.sni)]'",
 		DefaultBackend: cfg.BackSSL,
 	}
 	err = api.FrontendCreate(frontend)
@@ -276,12 +277,12 @@ func (h HTTPS) sslPassthroughRules(k store.K8s, cfg *config.ControllerCfg) error
 		cfg.HAProxyRules.AddRule(rules.ReqSetVar{
 			Name:       "sni_match",
 			Scope:      "txn",
-			Expression: fmt.Sprintf("req_ssl_sni,map(%s)", haproxy.GetMapPath(haproxy.MAP_SNI)),
+			Expression: fmt.Sprintf("req_ssl_sni,map(%s)", maps.GetPath(maps.SNI)),
 		}, false, cfg.FrontSSL),
 		cfg.HAProxyRules.AddRule(rules.ReqSetVar{
 			Name:       "sni_match",
 			Scope:      "txn",
-			Expression: fmt.Sprintf("req_ssl_sni,regsub(^[^.]*,,),map(%s)", haproxy.GetMapPath(haproxy.MAP_SNI)),
+			Expression: fmt.Sprintf("req_ssl_sni,regsub(^[^.]*,,),map(%s)", maps.GetPath(maps.SNI)),
 			CondTest:   "!{ var(txn.sni_match) -m found }",
 		}, false, cfg.FrontSSL),
 	)

controller/handler/proxy-protocol.go

@@ -21,6 +21,7 @@ import (
 	"github.com/haproxytech/kubernetes-ingress/controller/annotations"
 	config "github.com/haproxytech/kubernetes-ingress/controller/configuration"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/api"
+	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/maps"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/rules"
 	"github.com/haproxytech/kubernetes-ingress/controller/store"
 	"github.com/haproxytech/kubernetes-ingress/controller/utils"
@@ -35,7 +36,7 @@ func (p ProxyProtocol) Update(k store.K8s, cfg *config.ControllerCfg, api api.HA
 		return false, nil
 	}
 	// Validate annotation
-	mapName := "proxy-protocol-" + utils.Hash([]byte(annProxyProtocol))
+	mapName := maps.Name("proxy-protocol-" + utils.Hash([]byte(annProxyProtocol)))
 	if !cfg.MapFiles.Exists(mapName) {
 		for _, address := range strings.Split(annProxyProtocol, ",") {
 			address = strings.TrimSpace(address)
@@ -55,7 +56,7 @@ func (p ProxyProtocol) Update(k store.K8s, cfg *config.ControllerCfg, api api.HA
 		frontends = []string{cfg.FrontHTTP, cfg.FrontSSL}
 	}
 	for _, frontend := range frontends {
-		err = cfg.HAProxyRules.AddRule(rules.ReqProxyProtocol{SrcIPsMap: mapName}, false, frontend)
+		err = cfg.HAProxyRules.AddRule(rules.ReqProxyProtocol{SrcIPsMap: maps.GetPath(mapName)}, false, frontend)
 		if err != nil {
 			return
 		}

controller/haproxy/maps.go renamed to controller/haproxy/maps/main.go

@@ -1,4 +1,4 @@
-// Copyright 2019 HAProxy Technologies LLC
+// CopyriFiles 2019 HAProxy Technologies LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package haproxy
+package maps
 
 import (
 	"hash/fnv"
@@ -22,18 +22,26 @@ import (
 	"strings"
 
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/api"
+	"github.com/haproxytech/kubernetes-ingress/controller/utils"
 )
 
-type Maps map[string]*mapFile
+type MapFiles map[Name]*mapFile
+
+type Name string
+
+type Path string
+
+// module logger
+var logger = utils.GetLogger()
 
 var mapDir string
 
 //nolint:golint,stylecheck
 const (
-	MAP_SNI         = "sni"
-	MAP_HOST        = "host"
-	MAP_PATH_EXACT  = "path-exact"
-	MAP_PATH_PREFIX = "path-prefix"
+	SNI         Name = "sni"
+	HOST        Name = "host"
+	PATH_EXACT  Name = "path-exact"
+	PATH_PREFIX Name = "path-prefix"
 )
 
 type mapFile struct {
@@ -55,24 +63,24 @@ func (mf *mapFile) getContent() (string, uint64) {
 	return content, h.Sum64()
 }
 
-func NewMapFiles(path string) *Maps {
+func New(path string) *MapFiles {
 	mapDir = path
-	var maps Maps = map[string]*mapFile{
+	var maps MapFiles = map[Name]*mapFile{
 		// Map files required for HAProxy Rules
-		MAP_SNI:         {preserve: true},
-		MAP_HOST:        {preserve: true},
-		MAP_PATH_EXACT:  {preserve: true},
-		MAP_PATH_PREFIX: {preserve: true},
+		SNI:         {preserve: true},
+		HOST:        {preserve: true},
+		PATH_EXACT:  {preserve: true},
+		PATH_PREFIX: {preserve: true},
 	}
 	return &maps
 }
 
-func (m Maps) Exists(name string) bool {
+func (m MapFiles) Exists(name Name) bool {
 	return m[name] != nil && len(m[name].rows) != 0
 }
 
 // AppendRow appends row to mapFile
-func (m Maps) AppendRow(name string, row string) {
+func (m MapFiles) AppendRow(name Name, row string) {
 	if row == "" {
 		return
 	}
@@ -82,13 +90,13 @@ func (m Maps) AppendRow(name string, row string) {
 	m[name].rows = append(m[name].rows, row)
 }
 
-func (m Maps) Clean() {
+func (m MapFiles) Clean() {
 	for _, mapFile := range m {
 		mapFile.rows = []string{}
 	}
 }
 
-func (m Maps) Refresh(client api.HAProxyClient) (reload bool) {
+func (m MapFiles) Refresh(client api.HAProxyClient) (reload bool) {
 	for name, mapFile := range m {
 		content, hash := mapFile.getContent()
 		if mapFile.hash == hash {
@@ -97,12 +105,12 @@ func (m Maps) Refresh(client api.HAProxyClient) (reload bool) {
 		mapFile.hash = hash
 		var f *os.File
 		var err error
-		filename := GetMapPath(name)
+		filename := GetPath(name)
 		if content == "" && !mapFile.preserve {
-			logger.Error(os.Remove(filename))
+			logger.Error(os.Remove(string(filename)))
 			delete(m, name)
 			continue
-		} else if f, err = os.Create(filename); err != nil {
+		} else if f, err = os.Create(string(filename)); err != nil {
 			logger.Error(err)
 			continue
 		}
@@ -126,6 +134,6 @@ func (m Maps) Refresh(client api.HAProxyClient) (reload bool) {
 	return reload
 }
 
-func GetMapPath(name string) string {
-	return path.Join(mapDir, name) + ".map"
+func GetPath(name Name) Path {
+	return Path(path.Join(mapDir, string(name)) + ".map")
 }

controller/haproxy/rules/reqDeny.go

@@ -7,11 +7,12 @@ import (
 
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/api"
+	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/maps"
 	"github.com/haproxytech/kubernetes-ingress/controller/utils"
 )
 
 type ReqDeny struct {
-	SrcIPsMap string
+	SrcIPsMap maps.Path
 	Whitelist bool
 }
 
@@ -20,7 +21,6 @@ func (r ReqDeny) GetType() haproxy.RuleType {
 }
 
 func (r ReqDeny) Create(client api.HAProxyClient, frontend *models.Frontend, ingressACL string) error {
-	srcIpsMap := haproxy.GetMapPath(r.SrcIPsMap)
 	not := ""
 	if r.Whitelist {
 		not = "!"
@@ -31,7 +31,7 @@ func (r ReqDeny) Create(client api.HAProxyClient, frontend *models.Frontend, ing
 			Type:     "content",
 			Action:   "reject",
 			Cond:     "if",
-			CondTest: fmt.Sprintf("%s{ src -f %s }", not, srcIpsMap),
+			CondTest: fmt.Sprintf("%s{ src -f %s }", not, r.SrcIPsMap),
 		}
 		return client.FrontendTCPRequestRuleCreate(frontend.Name, tcpRule, ingressACL)
 	}
@@ -40,7 +40,7 @@ func (r ReqDeny) Create(client api.HAProxyClient, frontend *models.Frontend, ing
 		Type:       "deny",
 		DenyStatus: utils.PtrInt64(403),
 		Cond:       "if",
-		CondTest:   fmt.Sprintf("%s{ src -f %s }", not, srcIpsMap),
+		CondTest:   fmt.Sprintf("%s{ src -f %s }", not, r.SrcIPsMap),
 	}
 	return client.FrontendHTTPRequestRuleCreate(frontend.Name, httpRule, ingressACL)
 }

controller/haproxy/rules/reqProxyProtocol.go

@@ -7,11 +7,12 @@ import (
 
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy"
 	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/api"
+	"github.com/haproxytech/kubernetes-ingress/controller/haproxy/maps"
 	"github.com/haproxytech/kubernetes-ingress/controller/utils"
 )
 
 type ReqProxyProtocol struct {
-	SrcIPsMap string
+	SrcIPsMap maps.Path
 }
 
 func (r ReqProxyProtocol) GetType() haproxy.RuleType {
@@ -24,7 +25,7 @@ func (r ReqProxyProtocol) Create(client api.HAProxyClient, frontend *models.Fron
 		Type:     "connection",
 		Action:   models.TCPRequestRuleActionExpectProxy,
 		Cond:     "if",
-		CondTest: fmt.Sprintf("{ src -f %s }", haproxy.GetMapPath(r.SrcIPsMap)),
+		CondTest: fmt.Sprintf("{ src -f %s }", r.SrcIPsMap),
 	}
 	return client.FrontendTCPRequestRuleCreate(frontend.Name, tcpRule, ingressACL)
 }