From 68685edfc9eaa96292d57bfb3cac40a2e436bff7 Mon Sep 17 00:00:00 2001 From: danielqsj Date: Mon, 21 Aug 2017 14:10:35 +0800 Subject: [PATCH 1/3] Add support for specific scheme for base url --- controllers/nginx/pkg/template/template.go | 8 +++- .../nginx/pkg/template/template_test.go | 38 +++++++++++-------- core/pkg/ingress/annotations/rewrite/main.go | 8 ++++ 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/controllers/nginx/pkg/template/template.go b/controllers/nginx/pkg/template/template.go index a5192d3965..b7d3dc860b 100644 --- a/controllers/nginx/pkg/template/template.go +++ b/controllers/nginx/pkg/template/template.go @@ -304,9 +304,15 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string { if location.Rewrite.AddBaseURL { // path has a slash suffix, so that it can be connected with baseuri directly bPath := fmt.Sprintf("%s%s", path, "$baseuri") - abu = fmt.Sprintf(`subs_filter '' '' r; + if len(location.Rewrite.BaseURLScheme) > 0 { + abu = fmt.Sprintf(`subs_filter '' '' r; + subs_filter '' '' r; + `, location.Rewrite.BaseURLScheme, bPath, location.Rewrite.BaseURLScheme, bPath) + } else { + abu = fmt.Sprintf(`subs_filter '' '' r; subs_filter '' '' r; `, bPath, bPath) + } } if location.Rewrite.Target == slash { diff --git a/controllers/nginx/pkg/template/template_test.go b/controllers/nginx/pkg/template/template_test.go index d3fa2ee6a5..824f8feb26 100644 --- a/controllers/nginx/pkg/template/template_test.go +++ b/controllers/nginx/pkg/template/template_test.go @@ -34,56 +34,64 @@ import ( var ( // TODO: add tests for secure endpoints tmplFuncTestcases = map[string]struct { - Path string - Target string - Location string - ProxyPass string - AddBaseURL bool + Path string + Target string + Location string + ProxyPass string + AddBaseURL bool + BaseURLScheme string }{ - "invalid redirect / to /": {"/", "/", "/", "proxy_pass http://upstream-name;", false}, + "invalid redirect / to /": {"/", "/", "/", "proxy_pass http://upstream-name;", false, ""}, "redirect / to /jenkins": {"/", "/jenkins", "~* /", ` rewrite /(.*) /jenkins/$1 break; proxy_pass http://upstream-name; - `, false}, + `, false, ""}, "redirect /something to /": {"/something", "/", `~* ^/something\/?(?.*)`, ` rewrite /something/(.*) /$1 break; rewrite /something / break; proxy_pass http://upstream-name; - `, false}, + `, false, ""}, "redirect /end-with-slash/ to /not-root": {"/end-with-slash/", "/not-root", "~* ^/end-with-slash/(?.*)", ` rewrite /end-with-slash/(.*) /not-root/$1 break; proxy_pass http://upstream-name; - `, false}, + `, false, ""}, "redirect /something-complex to /not-root": {"/something-complex", "/not-root", `~* ^/something-complex\/?(?.*)`, ` rewrite /something-complex/(.*) /not-root/$1 break; proxy_pass http://upstream-name; - `, false}, + `, false, ""}, "redirect / to /jenkins and rewrite": {"/", "/jenkins", "~* /", ` rewrite /(.*) /jenkins/$1 break; proxy_pass http://upstream-name; subs_filter '' '' r; subs_filter '' '' r; - `, true}, + `, true, ""}, "redirect /something to / and rewrite": {"/something", "/", `~* ^/something\/?(?.*)`, ` rewrite /something/(.*) /$1 break; rewrite /something / break; proxy_pass http://upstream-name; subs_filter '' '' r; subs_filter '' '' r; - `, true}, + `, true, ""}, "redirect /end-with-slash/ to /not-root and rewrite": {"/end-with-slash/", "/not-root", `~* ^/end-with-slash/(?.*)`, ` rewrite /end-with-slash/(.*) /not-root/$1 break; proxy_pass http://upstream-name; subs_filter '' '' r; subs_filter '' '' r; - `, true}, + `, true, ""}, "redirect /something-complex to /not-root and rewrite": {"/something-complex", "/not-root", `~* ^/something-complex\/?(?.*)`, ` rewrite /something-complex/(.*) /not-root/$1 break; proxy_pass http://upstream-name; subs_filter '' '' r; subs_filter '' '' r; - `, true}, + `, true, ""}, + "redirect /something to / and rewrite with specific scheme": {"/something", "/", `~* ^/something\/?(?.*)`, ` + rewrite /something/(.*) /$1 break; + rewrite /something / break; + proxy_pass http://upstream-name; + subs_filter '' '' r; + subs_filter '' '' r; + `, true, "http"}, } ) @@ -124,7 +132,7 @@ func TestBuildProxyPass(t *testing.T) { for k, tc := range tmplFuncTestcases { loc := &ingress.Location{ Path: tc.Path, - Rewrite: rewrite.Redirect{Target: tc.Target, AddBaseURL: tc.AddBaseURL}, + Rewrite: rewrite.Redirect{Target: tc.Target, AddBaseURL: tc.AddBaseURL, BaseURLScheme: tc.BaseURLScheme}, Backend: "upstream-name", } diff --git a/core/pkg/ingress/annotations/rewrite/main.go b/core/pkg/ingress/annotations/rewrite/main.go index 52cb984fd5..32cc421aeb 100644 --- a/core/pkg/ingress/annotations/rewrite/main.go +++ b/core/pkg/ingress/annotations/rewrite/main.go @@ -26,6 +26,7 @@ import ( const ( rewriteTo = "ingress.kubernetes.io/rewrite-target" addBaseURL = "ingress.kubernetes.io/add-base-url" + baseURLScheme = "ingress.kubernetes.io/base-url-scheme" sslRedirect = "ingress.kubernetes.io/ssl-redirect" forceSSLRedirect = "ingress.kubernetes.io/force-ssl-redirect" appRoot = "ingress.kubernetes.io/app-root" @@ -38,6 +39,8 @@ type Redirect struct { // AddBaseURL indicates if is required to add a base tag in the head // of the responses from the upstream servers AddBaseURL bool `json:"addBaseUrl"` + // BaseURLScheme override for the scheme passed to the base tag + BaseURLScheme string `json:"baseUrlScheme"` // SSLRedirect indicates if the location section is accessible SSL only SSLRedirect bool `json:"sslRedirect"` // ForceSSLRedirect indicates if the location section is accessible SSL only @@ -60,6 +63,9 @@ func (r1 *Redirect) Equal(r2 *Redirect) bool { if r1.AddBaseURL != r2.AddBaseURL { return false } + if r1.BaseURLScheme != r2.BaseURLScheme { + return false + } if r1.SSLRedirect != r2.SSLRedirect { return false } @@ -95,10 +101,12 @@ func (a rewrite) Parse(ing *extensions.Ingress) (interface{}, error) { fSslRe = a.backendResolver.GetDefaultBackend().ForceSSLRedirect } abu, _ := parser.GetBoolAnnotation(addBaseURL, ing) + bus, _ := parser.GetStringAnnotation(baseURLScheme, ing) ar, _ := parser.GetStringAnnotation(appRoot, ing) return &Redirect{ Target: rt, AddBaseURL: abu, + BaseURLScheme: bus, SSLRedirect: sslRe, ForceSSLRedirect: fSslRe, AppRoot: ar, From dedd787668cefbb858206c2c99cc53e89f694a8e Mon Sep 17 00:00:00 2001 From: danielqsj Date: Mon, 21 Aug 2017 14:37:17 +0800 Subject: [PATCH 2/3] Update base-url-scheme for nginx configuration.md --- controllers/nginx/configuration.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md index 55f4af392a..6ffa79f3ea 100644 --- a/controllers/nginx/configuration.md +++ b/controllers/nginx/configuration.md @@ -39,6 +39,7 @@ The following annotations are supported: |Name |type| |---------------------------|------| |[ingress.kubernetes.io/add-base-url](#rewrite)|true or false| +|[ingress.kubernetes.io/base-url-scheme](#rewrite)|string| |[ingress.kubernetes.io/app-root](#rewrite)|string| |[ingress.kubernetes.io/affinity](#session-affinity)|cookie| |[ingress.kubernetes.io/auth-realm](#authentication)|string| @@ -190,6 +191,8 @@ Set the annotation `ingress.kubernetes.io/rewrite-target` to the path expected b If the application contains relative links it is possible to add an additional annotation `ingress.kubernetes.io/add-base-url` that will prepend a [`base` tag](https://developer.mozilla.org/en/docs/Web/HTML/Element/base) in the header of the returned HTML from the backend. +If the scheme of [`base` tag](https://developer.mozilla.org/en/docs/Web/HTML/Element/base) need to be specific, set the annotation `ingress.kubernetes.io/base-url-scheme` to the scheme such as `http` and `https`. + If the Application Root is exposed in a different path and needs to be redirected, set the annotation `ingress.kubernetes.io/app-root` to redirect requests for `/`. Please check the [rewrite](/examples/rewrite/nginx/README.md) example. From a6f82d0ea62513209a94aa29c06aeca4c3014c77 Mon Sep 17 00:00:00 2001 From: danielqsj Date: Mon, 21 Aug 2017 14:40:51 +0800 Subject: [PATCH 3/3] Update rewrite examples documents --- examples/rewrite/nginx/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/rewrite/nginx/README.md b/examples/rewrite/nginx/README.md index f934eb6169..b3e50a88dc 100644 --- a/examples/rewrite/nginx/README.md +++ b/examples/rewrite/nginx/README.md @@ -16,6 +16,7 @@ Rewriting can be controlled using the following annotations: | --- | --- | --- | |ingress.kubernetes.io/rewrite-target|Target URI where the traffic must be redirected|string| |ingress.kubernetes.io/add-base-url|indicates if is required to add a base tag in the head of the responses from the upstream servers|bool| +|ingress.kubernetes.io/base-url-scheme|Override for the scheme passed to the base tag|string| |ingress.kubernetes.io/ssl-redirect|Indicates if the location section is accessible SSL only (defaults to True when Ingress contains a Certificate)|bool| |ingress.kubernetes.io/force-ssl-redirect|Forces the redirection to HTTPS even if the Ingress is not TLS Enabled|bool| |ingress.kubernetes.io/app-root|Defines the Application Root that the Controller must redirect if it's not in '/' context|string|