Content Cache Charm

Merge ~hloeung/content-cache-charm:fixes into content-cache-charm:master

Proposed by Haw Loeung on 2024-05-10

Status:	Merged
Approved by:	James Simpson on 2024-05-10
Approved revision:	638443bfad70b34556adc506a27193ca417b6f14
Merged at revision:	d527d38fa781c977cbe19256adfc8198e102ec07
Proposed branch:	~hloeung/content-cache-charm:fixes
Merge into:	content-cache-charm:master
Diff against target:	232 lines (+60/-1) 12 files modified reactive/content_cache.py (+5/-1) tests/unit/files/config_test_config.txt (+12/-0) tests/unit/files/content_cache_rendered_haproxy_test_output.txt (+5/-0) tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt (+5/-0) tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt (+5/-0) tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt (+5/-0) tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt (+5/-0) tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt (+1/-0) tests/unit/files/haproxy_config_rendered_test_output.txt (+1/-0) tests/unit/files/haproxy_config_rendered_test_output2.txt (+1/-0) tests/unit/files/haproxy_config_rendered_test_output_with_extra_configs.txt (+1/-0) tests/unit/files/nginx_config_rendered_test_output-site2.local.txt (+14/-0)
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
James Simpson	2024-05-10	Approve on 2024-05-10
Canonical IS Reviewers	2024-05-10	Pending
Review via email: mp+465893@code.launchpad.net

Commit message

Fix duplicate X-F-F headers when more than one location

Revision history for this message

🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote on 2024-05-10:

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message

James Simpson (jsimpso) wrote on 2024-05-10:

LGTM

review: Approve

Revision history for this message

🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote on 2024-05-10:

Change successfully merged at revision d527d38fa781c977cbe19256adfc8198e102ec07

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Content Cache Charmers

Haw Loeung

1	diff --git a/reactive/content_cache.py b/reactive/content_cache.py
2	index ebbb3ab..c110cd2 100644
3	--- a/reactive/content_cache.py
4	+++ b/reactive/content_cache.py
5	@@ -345,7 +345,11 @@ def configure_haproxy(): # NOQA: C901 LP#1825084
6	new_cached_loc_conf['backend-options'] = site_conf.get('haproxy-extra-configs', [])
7	# Rather than enable haproxy's 'option forwardfor' we want to replace
8	# the X-F-F header in case it's spoofed.
9	- new_cached_loc_conf['backend-options'].insert(0, 'http-request set-header X-Forwarded-For %[src]')
10	+ if (
11	+ len(new_cached_loc_conf['backend-options']) == 0
12	+ or new_cached_loc_conf['backend-options'][0] != 'http-request set-header X-Forwarded-For %[src]'
13	+ ):
14	+ new_cached_loc_conf['backend-options'].insert(0, 'http-request set-header X-Forwarded-For %[src]')
15
16	new_cached_loc_conf['rate-limit'] = loc_conf.get('rate-limit', '')
17
18	diff --git a/tests/unit/files/config_test_config.txt b/tests/unit/files/config_test_config.txt
19	index eab890b..c4f748b 100644
20	--- a/tests/unit/files/config_test_config.txt
21	+++ b/tests/unit/files/config_test_config.txt
22	@@ -30,14 +30,26 @@ site2.local:
23	- 127.0.1.10:443
24	- 127.0.1.11:443
25	- 127.0.1.12:443
26	+ backend-options: ['http-request set-header X-Forwarded-For %[src]']
27	/my-local-content/:
28	extra-config:
29	- root /var/www/html
30	/my-local-content2/:
31	extra-configs:
32	- root /var/www/html
33	+ /.well-known/matrix/server:
34	+ extra-config:
35	+ - "return 200 '{\"m.server\": \"chat-server.ubuntu.com:443\"}'"
36	+ /.well-known/matrix/client:
37	+ extra-config:
38	+ - "return 200 '{\"m.homeserver\": {\"base_url\": \"https://chat-server.ubuntu.com\"}}'"
39	# Test default site with only a single backend.
40	default: True
41	+ haproxy-extra-configs:
42	+ - http-request set-var(txn.path) path
43	+ - acl p_matrix var(txn.path) -m beg /.well-known/matrix
44	+ - http-response set-header Content-Type application/json if p_matrix
45	+ - http-response set-header Access-Control-Allow-Origin * if p_matrix
46
47	# Test 3: No port, just backends (HTTP), with custom cache-maxconn
48	site3.local:
49	diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
50	index c08bb5a..6d6cbed 100644
51	--- a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
52	+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
53	@@ -209,12 +209,17 @@ backend backend-cached-site2-local
54	http-request set-header X-Orig-Host %[req.hdr(Host)]
55	http-request set-header Host site2.local
56	http-request set-header X-Forwarded-For %[src]
57	+ http-request set-var(txn.path) path
58	+ acl p_matrix var(txn.path) -m beg /.well-known/matrix
59	+ http-response set-header Content-Type application/json if p_matrix
60	+ http-response set-header Access-Control-Allow-Origin * if p_matrix
61	balance leastconn
62	server server_1 127.0.0.1:6081 check inter 2s rise 2 fall 60 maxconn 3072
63
64	backend backend-site2-local
65	option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
66	http-request set-header Host site2.local
67	+ http-request set-header X-Forwarded-For %[src]
68	option redispatch 1
69	balance leastconn
70	server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
71	diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
72	index bece830..56189ae 100644
73	--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
74	+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
75	@@ -209,12 +209,17 @@ backend backend-cached-site2-local
76	http-request set-header X-Orig-Host %[req.hdr(Host)]
77	http-request set-header Host site2.local
78	http-request set-header X-Forwarded-For %[src]
79	+ http-request set-var(txn.path) path
80	+ acl p_matrix var(txn.path) -m beg /.well-known/matrix
81	+ http-response set-header Content-Type application/json if p_matrix
82	+ http-response set-header Access-Control-Allow-Origin * if p_matrix
83	balance leastconn
84	server server_1 127.0.0.1:6081 check inter 2s rise 2 fall 60 maxconn 3072
85
86	backend backend-site2-local
87	option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
88	http-request set-header Host site2.local
89	+ http-request set-header X-Forwarded-For %[src]
90	option redispatch 1
91	balance leastconn
92	server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
93	diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt
94	index f05826e..032728a 100644
95	--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt
96	+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt
97	@@ -209,12 +209,17 @@ backend backend-cached-site2-local
98	http-request set-header X-Orig-Host %[req.hdr(Host)]
99	http-request set-header Host site2.local
100	http-request set-header X-Forwarded-For %[src]
101	+ http-request set-var(txn.path) path
102	+ acl p_matrix var(txn.path) -m beg /.well-known/matrix
103	+ http-response set-header Content-Type application/json if p_matrix
104	+ http-response set-header Access-Control-Allow-Origin * if p_matrix
105	balance roundrobin
106	server server_1 127.0.0.1:6081 check inter 2s rise 2 fall 60 maxconn 3072
107
108	backend backend-site2-local
109	option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
110	http-request set-header Host site2.local
111	+ http-request set-header X-Forwarded-For %[src]
112	option redispatch 1
113	balance roundrobin
114	server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
115	diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt
116	index ddbc8c6..c72b5ee 100644
117	--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt
118	+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt
119	@@ -210,12 +210,17 @@ backend backend-cached-site2-local
120	http-request set-header X-Orig-Host %[req.hdr(Host)]
121	http-request set-header Host site2.local
122	http-request set-header X-Forwarded-For %[src]
123	+ http-request set-var(txn.path) path
124	+ acl p_matrix var(txn.path) -m beg /.well-known/matrix
125	+ http-response set-header Content-Type application/json if p_matrix
126	+ http-response set-header Access-Control-Allow-Origin * if p_matrix
127	balance leastconn
128	server server_1 127.0.0.1:6081 check inter 2s rise 2 fall 60 maxconn 3072
129
130	backend backend-site2-local
131	option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
132	http-request set-header Host site2.local
133	+ http-request set-header X-Forwarded-For %[src]
134	option redispatch 1
135	balance leastconn
136	server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
137	diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt
138	index e48af71..c5251fa 100644
139	--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt
140	+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt
141	@@ -213,6 +213,10 @@ backend backend-cached-site2-local
142	http-request set-header X-Orig-Host %[req.hdr(Host)]
143	http-request set-header Host site2.local
144	http-request set-header X-Forwarded-For %[src]
145	+ http-request set-var(txn.path) path
146	+ acl p_matrix var(txn.path) -m beg /.well-known/matrix
147	+ http-response set-header Content-Type application/json if p_matrix
148	+ http-response set-header Access-Control-Allow-Origin * if p_matrix
149	balance leastconn
150	server server_1 127.0.0.1:6081 check inter 2s rise 2 fall 60 maxconn 3072
151
152	@@ -220,6 +224,7 @@ backend backend-site2-local
153	option httpchk GET /check/ HTTP/1.1
154	http-check send hdr Host site2.local hdr User-Agent haproxy/httpchk
155	http-request set-header Host site2.local
156	+ http-request set-header X-Forwarded-For %[src]
157	retry-on all-retryable-errors
158	option redispatch 1
159	balance leastconn
160	diff --git a/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt b/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
161	index 565c469..48984b1 100644
162	--- a/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
163	+++ b/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
164	@@ -10,6 +10,7 @@ backend backend-site1-local
165	backend backend-site2-local
166	option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
167	http-request set-header Host site2.local
168	+ http-request set-header X-Forwarded-For %[src]
169	balance leastconn
170	server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
171	server server_2 127.0.1.11:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
172	diff --git a/tests/unit/files/haproxy_config_rendered_test_output.txt b/tests/unit/files/haproxy_config_rendered_test_output.txt
173	index 4121b07..ba08267 100644
174	--- a/tests/unit/files/haproxy_config_rendered_test_output.txt
175	+++ b/tests/unit/files/haproxy_config_rendered_test_output.txt
176	@@ -126,6 +126,7 @@ backend backend-site1-local
177	backend backend-site2-local
178	option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
179	http-request set-header Host site2.local
180	+ http-request set-header X-Forwarded-For %[src]
181	balance leastconn
182	server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
183	server server_2 127.0.1.11:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
184	diff --git a/tests/unit/files/haproxy_config_rendered_test_output2.txt b/tests/unit/files/haproxy_config_rendered_test_output2.txt
185	index 22c56ab..a5b3d08 100644
186	--- a/tests/unit/files/haproxy_config_rendered_test_output2.txt
187	+++ b/tests/unit/files/haproxy_config_rendered_test_output2.txt
188	@@ -126,6 +126,7 @@ backend backend-site1-local
189	backend backend-site2-local
190	option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
191	http-request set-header Host site2.local
192	+ http-request set-header X-Forwarded-For %[src]
193	balance leastconn
194	server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
195	server server_2 127.0.1.11:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
196	diff --git a/tests/unit/files/haproxy_config_rendered_test_output_with_extra_configs.txt b/tests/unit/files/haproxy_config_rendered_test_output_with_extra_configs.txt
197	index 7166d28..0ec24fa 100644
198	--- a/tests/unit/files/haproxy_config_rendered_test_output_with_extra_configs.txt
199	+++ b/tests/unit/files/haproxy_config_rendered_test_output_with_extra_configs.txt
200	@@ -126,6 +126,7 @@ backend backend-site1-local
201	backend backend-site2-local
202	option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
203	http-request set-header Host site2.local
204	+ http-request set-header X-Forwarded-For %[src]
205	balance leastconn
206	server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
207	server server_2 127.0.1.11:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
208	diff --git a/tests/unit/files/nginx_config_rendered_test_output-site2.local.txt b/tests/unit/files/nginx_config_rendered_test_output-site2.local.txt
209	index 6264b6e..b3392bd 100644
210	--- a/tests/unit/files/nginx_config_rendered_test_output-site2.local.txt
211	+++ b/tests/unit/files/nginx_config_rendered_test_output-site2.local.txt
212	@@ -43,6 +43,20 @@ server {
213	root /var/www/html;
214	}
215
216	+
217	+ location /.well-known/matrix/server {
218	+ proxy_cache 9813f9fe7826-cache;
219	+ add_header X-Cache-Status "$upstream_cache_status from mock-content-cache/0";
220	+ return 200 '{"m.server": "chat-server.ubuntu.com:443"}';
221	+ }
222	+
223	+
224	+ location /.well-known/matrix/client {
225	+ proxy_cache 9813f9fe7826-cache;
226	+ add_header X-Cache-Status "$upstream_cache_status from mock-content-cache/0";
227	+ return 200 '{"m.homeserver": {"base_url": "https://chat-server.ubuntu.com"}}';
228	+ }
229	+
230	location /_status/content-cache-check {
231	stub_status;
232	}

Content Cache Charm

Merge ~hloeung/content-cache-charm:fixes into content-cache-charm:master

Commit message

Description of the change

Preview Diff

Subscribers