Merge ~hloeung/content-cache-charm:fixes into content-cache-charm:master

Proposed by Haw Loeung
Status: Merged
Approved by: James Simpson
Approved revision: 638443bfad70b34556adc506a27193ca417b6f14
Merged at revision: d527d38fa781c977cbe19256adfc8198e102ec07
Proposed branch: ~hloeung/content-cache-charm:fixes
Merge into: content-cache-charm:master
Diff against target: 232 lines (+60/-1)
12 files modified
reactive/content_cache.py (+5/-1)
tests/unit/files/config_test_config.txt (+12/-0)
tests/unit/files/content_cache_rendered_haproxy_test_output.txt (+5/-0)
tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt (+5/-0)
tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt (+5/-0)
tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt (+5/-0)
tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt (+5/-0)
tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt (+1/-0)
tests/unit/files/haproxy_config_rendered_test_output.txt (+1/-0)
tests/unit/files/haproxy_config_rendered_test_output2.txt (+1/-0)
tests/unit/files/haproxy_config_rendered_test_output_with_extra_configs.txt (+1/-0)
tests/unit/files/nginx_config_rendered_test_output-site2.local.txt (+14/-0)
Reviewer Review Type Date Requested Status
James Simpson Approve
Canonical IS Reviewers Pending
Review via email: mp+465893@code.launchpad.net

Commit message

Fix duplicate X-F-F headers when more than one location

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
James Simpson (jsimpso) wrote :

LGTM

review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision d527d38fa781c977cbe19256adfc8198e102ec07

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/reactive/content_cache.py b/reactive/content_cache.py
2index ebbb3ab..c110cd2 100644
3--- a/reactive/content_cache.py
4+++ b/reactive/content_cache.py
5@@ -345,7 +345,11 @@ def configure_haproxy(): # NOQA: C901 LP#1825084
6 new_cached_loc_conf['backend-options'] = site_conf.get('haproxy-extra-configs', [])
7 # Rather than enable haproxy's 'option forwardfor' we want to replace
8 # the X-F-F header in case it's spoofed.
9- new_cached_loc_conf['backend-options'].insert(0, 'http-request set-header X-Forwarded-For %[src]')
10+ if (
11+ len(new_cached_loc_conf['backend-options']) == 0
12+ or new_cached_loc_conf['backend-options'][0] != 'http-request set-header X-Forwarded-For %[src]'
13+ ):
14+ new_cached_loc_conf['backend-options'].insert(0, 'http-request set-header X-Forwarded-For %[src]')
15
16 new_cached_loc_conf['rate-limit'] = loc_conf.get('rate-limit', '')
17
18diff --git a/tests/unit/files/config_test_config.txt b/tests/unit/files/config_test_config.txt
19index eab890b..c4f748b 100644
20--- a/tests/unit/files/config_test_config.txt
21+++ b/tests/unit/files/config_test_config.txt
22@@ -30,14 +30,26 @@ site2.local:
23 - 127.0.1.10:443
24 - 127.0.1.11:443
25 - 127.0.1.12:443
26+ backend-options: ['http-request set-header X-Forwarded-For %[src]']
27 /my-local-content/:
28 extra-config:
29 - root /var/www/html
30 /my-local-content2/:
31 extra-configs:
32 - root /var/www/html
33+ /.well-known/matrix/server:
34+ extra-config:
35+ - "return 200 '{\"m.server\": \"chat-server.ubuntu.com:443\"}'"
36+ /.well-known/matrix/client:
37+ extra-config:
38+ - "return 200 '{\"m.homeserver\": {\"base_url\": \"https://chat-server.ubuntu.com\"}}'"
39 # Test default site with only a single backend.
40 default: True
41+ haproxy-extra-configs:
42+ - http-request set-var(txn.path) path
43+ - acl p_matrix var(txn.path) -m beg /.well-known/matrix
44+ - http-response set-header Content-Type application/json if p_matrix
45+ - http-response set-header Access-Control-Allow-Origin * if p_matrix
46
47 # Test 3: No port, just backends (HTTP), with custom cache-maxconn
48 site3.local:
49diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
50index c08bb5a..6d6cbed 100644
51--- a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
52+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
53@@ -209,12 +209,17 @@ backend backend-cached-site2-local
54 http-request set-header X-Orig-Host %[req.hdr(Host)]
55 http-request set-header Host site2.local
56 http-request set-header X-Forwarded-For %[src]
57+ http-request set-var(txn.path) path
58+ acl p_matrix var(txn.path) -m beg /.well-known/matrix
59+ http-response set-header Content-Type application/json if p_matrix
60+ http-response set-header Access-Control-Allow-Origin * if p_matrix
61 balance leastconn
62 server server_1 127.0.0.1:6081 check inter 2s rise 2 fall 60 maxconn 3072
63
64 backend backend-site2-local
65 option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
66 http-request set-header Host site2.local
67+ http-request set-header X-Forwarded-For %[src]
68 option redispatch 1
69 balance leastconn
70 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
71diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
72index bece830..56189ae 100644
73--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
74+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
75@@ -209,12 +209,17 @@ backend backend-cached-site2-local
76 http-request set-header X-Orig-Host %[req.hdr(Host)]
77 http-request set-header Host site2.local
78 http-request set-header X-Forwarded-For %[src]
79+ http-request set-var(txn.path) path
80+ acl p_matrix var(txn.path) -m beg /.well-known/matrix
81+ http-response set-header Content-Type application/json if p_matrix
82+ http-response set-header Access-Control-Allow-Origin * if p_matrix
83 balance leastconn
84 server server_1 127.0.0.1:6081 check inter 2s rise 2 fall 60 maxconn 3072
85
86 backend backend-site2-local
87 option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
88 http-request set-header Host site2.local
89+ http-request set-header X-Forwarded-For %[src]
90 option redispatch 1
91 balance leastconn
92 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
93diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt
94index f05826e..032728a 100644
95--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt
96+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt
97@@ -209,12 +209,17 @@ backend backend-cached-site2-local
98 http-request set-header X-Orig-Host %[req.hdr(Host)]
99 http-request set-header Host site2.local
100 http-request set-header X-Forwarded-For %[src]
101+ http-request set-var(txn.path) path
102+ acl p_matrix var(txn.path) -m beg /.well-known/matrix
103+ http-response set-header Content-Type application/json if p_matrix
104+ http-response set-header Access-Control-Allow-Origin * if p_matrix
105 balance roundrobin
106 server server_1 127.0.0.1:6081 check inter 2s rise 2 fall 60 maxconn 3072
107
108 backend backend-site2-local
109 option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
110 http-request set-header Host site2.local
111+ http-request set-header X-Forwarded-For %[src]
112 option redispatch 1
113 balance roundrobin
114 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
115diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt
116index ddbc8c6..c72b5ee 100644
117--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt
118+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt
119@@ -210,12 +210,17 @@ backend backend-cached-site2-local
120 http-request set-header X-Orig-Host %[req.hdr(Host)]
121 http-request set-header Host site2.local
122 http-request set-header X-Forwarded-For %[src]
123+ http-request set-var(txn.path) path
124+ acl p_matrix var(txn.path) -m beg /.well-known/matrix
125+ http-response set-header Content-Type application/json if p_matrix
126+ http-response set-header Access-Control-Allow-Origin * if p_matrix
127 balance leastconn
128 server server_1 127.0.0.1:6081 check inter 2s rise 2 fall 60 maxconn 3072
129
130 backend backend-site2-local
131 option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
132 http-request set-header Host site2.local
133+ http-request set-header X-Forwarded-For %[src]
134 option redispatch 1
135 balance leastconn
136 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
137diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt
138index e48af71..c5251fa 100644
139--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt
140+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt
141@@ -213,6 +213,10 @@ backend backend-cached-site2-local
142 http-request set-header X-Orig-Host %[req.hdr(Host)]
143 http-request set-header Host site2.local
144 http-request set-header X-Forwarded-For %[src]
145+ http-request set-var(txn.path) path
146+ acl p_matrix var(txn.path) -m beg /.well-known/matrix
147+ http-response set-header Content-Type application/json if p_matrix
148+ http-response set-header Access-Control-Allow-Origin * if p_matrix
149 balance leastconn
150 server server_1 127.0.0.1:6081 check inter 2s rise 2 fall 60 maxconn 3072
151
152@@ -220,6 +224,7 @@ backend backend-site2-local
153 option httpchk GET /check/ HTTP/1.1
154 http-check send hdr Host site2.local hdr User-Agent haproxy/httpchk
155 http-request set-header Host site2.local
156+ http-request set-header X-Forwarded-For %[src]
157 retry-on all-retryable-errors
158 option redispatch 1
159 balance leastconn
160diff --git a/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt b/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
161index 565c469..48984b1 100644
162--- a/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
163+++ b/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
164@@ -10,6 +10,7 @@ backend backend-site1-local
165 backend backend-site2-local
166 option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
167 http-request set-header Host site2.local
168+ http-request set-header X-Forwarded-For %[src]
169 balance leastconn
170 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
171 server server_2 127.0.1.11:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
172diff --git a/tests/unit/files/haproxy_config_rendered_test_output.txt b/tests/unit/files/haproxy_config_rendered_test_output.txt
173index 4121b07..ba08267 100644
174--- a/tests/unit/files/haproxy_config_rendered_test_output.txt
175+++ b/tests/unit/files/haproxy_config_rendered_test_output.txt
176@@ -126,6 +126,7 @@ backend backend-site1-local
177 backend backend-site2-local
178 option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
179 http-request set-header Host site2.local
180+ http-request set-header X-Forwarded-For %[src]
181 balance leastconn
182 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
183 server server_2 127.0.1.11:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
184diff --git a/tests/unit/files/haproxy_config_rendered_test_output2.txt b/tests/unit/files/haproxy_config_rendered_test_output2.txt
185index 22c56ab..a5b3d08 100644
186--- a/tests/unit/files/haproxy_config_rendered_test_output2.txt
187+++ b/tests/unit/files/haproxy_config_rendered_test_output2.txt
188@@ -126,6 +126,7 @@ backend backend-site1-local
189 backend backend-site2-local
190 option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
191 http-request set-header Host site2.local
192+ http-request set-header X-Forwarded-For %[src]
193 balance leastconn
194 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
195 server server_2 127.0.1.11:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
196diff --git a/tests/unit/files/haproxy_config_rendered_test_output_with_extra_configs.txt b/tests/unit/files/haproxy_config_rendered_test_output_with_extra_configs.txt
197index 7166d28..0ec24fa 100644
198--- a/tests/unit/files/haproxy_config_rendered_test_output_with_extra_configs.txt
199+++ b/tests/unit/files/haproxy_config_rendered_test_output_with_extra_configs.txt
200@@ -126,6 +126,7 @@ backend backend-site1-local
201 backend backend-site2-local
202 option httpchk GET /check/ HTTP/1.1\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
203 http-request set-header Host site2.local
204+ http-request set-header X-Forwarded-For %[src]
205 balance leastconn
206 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
207 server server_2 127.0.1.11:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
208diff --git a/tests/unit/files/nginx_config_rendered_test_output-site2.local.txt b/tests/unit/files/nginx_config_rendered_test_output-site2.local.txt
209index 6264b6e..b3392bd 100644
210--- a/tests/unit/files/nginx_config_rendered_test_output-site2.local.txt
211+++ b/tests/unit/files/nginx_config_rendered_test_output-site2.local.txt
212@@ -43,6 +43,20 @@ server {
213 root /var/www/html;
214 }
215
216+
217+ location /.well-known/matrix/server {
218+ proxy_cache 9813f9fe7826-cache;
219+ add_header X-Cache-Status "$upstream_cache_status from mock-content-cache/0";
220+ return 200 '{"m.server": "chat-server.ubuntu.com:443"}';
221+ }
222+
223+
224+ location /.well-known/matrix/client {
225+ proxy_cache 9813f9fe7826-cache;
226+ add_header X-Cache-Status "$upstream_cache_status from mock-content-cache/0";
227+ return 200 '{"m.homeserver": {"base_url": "https://chat-server.ubuntu.com"}}';
228+ }
229+
230 location /_status/content-cache-check {
231 stub_status;
232 }

Subscribers

People subscribed via source and target branches