RFC: Moves srcPortAcl formatting to template

Author: thomasjpfan

proxy/ha_proxy_test.go

@@ -747,11 +747,14 @@ func (s HaProxyTestSuite) Test_CreateConfigFromTemplates_AddsContentFrontEnd() {
 	tmpl := s.TemplateContent
 	expectedData := fmt.Sprintf(
 		`%s
-    acl url_my-service-11111_0 path_beg /path-1 path_beg /path-2 port1111Acl
-    acl url_my-service-12222_1 path_beg /path-3 port2222Acl
+    acl url_my-service-11111_0 path_beg /path-1 path_beg /path-2
+    acl port1111Acl
+    acl url_my-service-12222_1 path_beg /path-3
+    acl port2222Acl
     use_backend my-service-1-be1111_0 if url_my-service-11111_0 my-src-port
     use_backend my-service-1-be2222_1 if url_my-service-12222_1
-    acl url_my-service-23333_0 path_beg /path-4 port3333Acl
+    acl url_my-service-23333_0 path_beg /path-4
+    acl port3333Acl
     use_backend my-service-2-be3333_0 if url_my-service-23333_0%s`,
 		tmpl,
 		s.ServicesContent,
@@ -765,15 +768,15 @@ func (s HaProxyTestSuite) Test_CreateConfigFromTemplates_AddsContentFrontEnd() {
 		ServiceName: "my-service-1",
 		PathType:    "path_beg",
 		ServiceDest: []ServiceDest{
-			{Port: "1111", ServicePath: []string{"/path-1", "/path-2"}, SrcPortAcl: " port1111Acl", SrcPortAclName: " my-src-port", Index: 0},
-			{Port: "2222", ServicePath: []string{"/path-3"}, SrcPortAcl: " port2222Acl", Index: 1},
+			{Port: "1111", ServicePath: []string{"/path-1", "/path-2"}, SrcPortAcl: "acl port1111Acl", SrcPortAclName: " my-src-port", IncludeSrcPortACL: true, Index: 0},
+			{Port: "2222", ServicePath: []string{"/path-3"}, SrcPortAcl: "acl port2222Acl", Index: 1, IncludeSrcPortACL: true},
 		},
 	}
 	service2 := Service{
 		ServiceName: "my-service-2",
 		PathType:    "path_beg",
 		ServiceDest: []ServiceDest{
-			{Port: "3333", ServicePath: []string{"/path-4"}, SrcPortAcl: " port3333Acl", Index: 0},
+			{Port: "3333", ServicePath: []string{"/path-4"}, SrcPortAcl: "acl port3333Acl", Index: 0, IncludeSrcPortACL: true},
 		},
 	}
 	p.AddService(service1)
@@ -791,9 +794,9 @@ func (s HaProxyTestSuite) Test_CreateConfigFromTemplates_AddsServicePathExclude(
 		`%s
     acl url_my-service-11111_0 path_beg /path-1
     acl url_exclude_my-service-11111_0 path_beg /path-2 path_beg /path-3
-    acl http_my-service-1_0 dst_port 80
+    acl srcPort_my-service-180_0 dst_port 80
     acl https_my-service-1_0 dst_port 443
-    use_backend my-service-1-be1111_0 if url_my-service-11111_0 !url_exclude_my-service-11111_0 http_my-service-1_0
+    use_backend my-service-1-be1111_0 if url_my-service-11111_0 !url_exclude_my-service-11111_0 srcPort_my-service-180_0
     use_backend https-my-service-1-be1111_0 if url_my-service-11111_0 !url_exclude_my-service-11111_0 https_my-service-1_0%s`,
 		tmpl,
 		s.ServicesContent,
@@ -812,6 +815,7 @@ func (s HaProxyTestSuite) Test_CreateConfigFromTemplates_AddsServicePathExclude(
 	}
 	p.AddService(service)
 
+	FormatServiceForTemplates(&service)
 	p.CreateConfigFromTemplates()
 
 	s.Equal(expectedData, actualData)
@@ -1832,9 +1836,9 @@ func (s HaProxyTestSuite) Test_CreateConfigFromTemplates_AddsContentFrontEndWith
 	expectedData := fmt.Sprintf(
 		`%s
     acl url_my-service1111_0 path_beg /path
-    acl http_my-service_0 dst_port 80
+    acl srcPort_my-service80_0 dst_port 80
     acl https_my-service_0 dst_port 443
-    use_backend my-service-be1111_0 if url_my-service1111_0 http_my-service_0
+    use_backend my-service-be1111_0 if url_my-service1111_0 srcPort_my-service80_0
     use_backend https-my-service-be1111_0 if url_my-service1111_0 https_my-service_0%s`,
 		tmpl,
 		s.ServicesContent,
@@ -1854,6 +1858,7 @@ func (s HaProxyTestSuite) Test_CreateConfigFromTemplates_AddsContentFrontEndWith
 	}
 	p.AddService(service1)
 
+	FormatServiceForTemplates(&service1)
 	p.CreateConfigFromTemplates()
 
 	s.Equal(expectedData, actualData)
@@ -1866,9 +1871,8 @@ func (s HaProxyTestSuite) Test_CreateConfigFromTemplates_AddsContentFrontEndWith
 		`%s
     acl url_my-service1111_0 path_beg /path
     acl srcPort_my-service8080_0 dst_port 8080
-    acl http_my-service_0 dst_port 8080
     acl https_my-service_0 dst_port 443
-    use_backend my-service-be1111_0 if url_my-service1111_0 srcPort_my-service8080_0 http_my-service_0
+    use_backend my-service-be1111_0 if url_my-service1111_0 srcPort_my-service8080_0
     use_backend https-my-service-be1111_0 if url_my-service1111_0 https_my-service_0%s`,
 		tmpl,
 		s.ServicesContent,

proxy/template.go

@@ -20,11 +20,14 @@ func getFrontTemplate(s Service) string {
             {{- end}}
         {{- end}}
         {{- if ne .Port ""}}
-    acl url_{{$.AclName}}{{.Port}}_{{.Index}}{{range .ServicePath}} {{if eq $.PathType ""}}path_beg{{end}}{{if ne $.PathType ""}}{{$.PathType}}{{end}} {{.}}{{end}}{{.SrcPortAcl}}
+    acl url_{{$.AclName}}{{.Port}}_{{.Index}}{{range .ServicePath}} {{if eq $.PathType ""}}path_beg{{end}}{{if ne $.PathType ""}}{{$.PathType}}{{end}} {{.}}{{end}}
         {{- end}}
         {{- if .ServicePathExclude}}
-    acl url_exclude_{{$.AclName}}{{.Port}}_{{.Index}}{{range .ServicePathExclude}} {{if eq $.PathType ""}}path_beg{{end}}{{if ne $.PathType ""}}{{$.PathType}}{{end}} {{.}}{{end}}{{.SrcPortAcl}}
+    acl url_exclude_{{$.AclName}}{{.Port}}_{{.Index}}{{range .ServicePathExclude}} {{if eq $.PathType ""}}path_beg{{end}}{{if ne $.PathType ""}}{{$.PathType}}{{end}} {{.}}{{end}}
         {{- end}}
+        {{- if $sd.IncludeSrcPortACL }}
+    {{$sd.SrcPortAcl}}
+        {{- end }}
         {{- $length := len .UserAgent.Value}}{{if gt $length 0}}
     acl user_agent_{{$.AclName}}_{{.UserAgent.AclName}}_{{.Index}} hdr_sub(User-Agent) -i{{range .UserAgent.Value}} {{.}}{{end}}
         {{- end}}
@@ -38,7 +41,6 @@ func getFrontTemplate(s Service) string {
         {{- end}}
     {{- end}}
     {{- if gt $sd.HttpsPort 0 }}
-    acl http_{{$.ServiceName}}_{{.Index}} dst_port {{ if gt .SrcPort 0 }}{{.SrcPort}}{{ else }}80{{ end }}
     acl https_{{$.ServiceName}}_{{.Index}} dst_port 443
     {{- end}}
     {{- range $rd := $sd.RedirectFromDomain}}
@@ -58,7 +60,7 @@ func getFrontTemplate(s Service) string {
 {{- range $sd := .ServiceDest}}
     {{- if eq .ReqMode "http"}}{{- if ne .Port ""}}
     use_backend {{$.AclName}}-be{{.Port}}_{{.Index}} if url_{{$.AclName}}{{.Port}}_{{.Index}}{{if .ServicePathExclude}} !url_exclude_{{$.AclName}}{{.Port}}_{{.Index}}{{end}}{{if .ServiceDomain}} domain_{{$.AclName}}{{.Port}}_{{.Index}}{{end}}{{if .ServiceHeader}}{{resetIndex}}{{range $key, $value := .ServiceHeader}} hdr_{{$.AclName}}{{$sd.Port}}_{{incIndex}}{{end}}{{end}}{{.SrcPortAclName}}
-        {{- if gt $sd.HttpsPort 0 }} http_{{$.ServiceName}}_{{.Index}}
+        {{- if gt $sd.HttpsPort 0 }}
     use_backend https-{{$.AclName}}-be{{.Port}}_{{.Index}} if url_{{$.AclName}}{{.Port}}_{{.Index}}{{if .ServicePathExclude}} !url_exclude_{{$.AclName}}{{.Port}}_{{.Index}}{{end}}{{if .ServiceDomain}} domain_{{$.AclName}}{{.Port}}_{{.Index}}{{end}} https_{{$.ServiceName}}_{{.Index}}
         {{- end}}
     {{- $length := len .UserAgent.Value}}{{if gt $length 0}} user_agent_{{$.AclName}}_{{.UserAgent.AclName}}_{{.Index}}{{end}}
@@ -135,7 +137,10 @@ frontend service_{{$sd1.SrcPort}}
     tcp-request content accept if { req_ssl_hello_type 1 }`, si)
 	}
 	tmplString += fmt.Sprintf(`{{$sd := index $.ServiceDest %d}}
-    acl sni_{{.AclName}}{{$sd.Port}}-%d{{range $sd.ServicePath}} {{$.PathType}} {{.}}{{end}}{{$sd.SrcPortAcl}}
+    acl sni_{{.AclName}}{{$sd.Port}}-%d{{range $sd.ServicePath}} {{$.PathType}} {{.}}{{end}}
+    {{- if ne $sd.SrcPortAcl "" }}
+    {{$sd.SrcPortAcl}}
+    {{- end }}
     use_backend {{$.ServiceName}}-be{{$sd.Port}}_{{$sd.Index}} if sni_{{$.AclName}}{{$sd.Port}}-%d{{$.AclCondition}}{{$sd.SrcPortAclName}}`, si, si+1, si+1)
 	return templateToString(tmplString, s)
 }
@@ -382,11 +387,20 @@ func FormatServiceForTemplates(sr *Service) {
 			sr.ServiceDest[i].ReqMode = "http"
 		}
 
-		if sd.SrcPort > 0 {
-			sr.ServiceDest[i].SrcPortAclName = fmt.Sprintf(" srcPort_%s%d_%d", sr.AclName, sd.SrcPort, sd.Index)
-			sr.ServiceDest[i].SrcPortAcl = fmt.Sprintf("\n    acl srcPort_%s%d_%d dst_port %d",
-				sr.AclName, sd.SrcPort, sd.Index, sd.SrcPort)
+		srcPort := sd.SrcPort
+		if sd.HttpsPort > 0 && srcPort == 0 {
+			srcPort = 80
 		}
+		if srcPort > 0 {
+			sr.ServiceDest[i].SrcPortAclName = fmt.Sprintf(" srcPort_%s%d_%d", sr.AclName, srcPort, sd.Index)
+			sr.ServiceDest[i].SrcPortAcl = fmt.Sprintf("acl srcPort_%s%d_%d dst_port %d",
+				sr.AclName, srcPort, sd.Index, srcPort)
+		}
+		if srcPort > 0 && (len(sd.Port) > 0 || len(sd.ServicePathExclude) > 0) {
+			sr.ServiceDest[i].IncludeSrcPortACL = true
+		}
+		sr.ServiceDest[i].SrcPort = srcPort
+
 	}
 }
 

proxy/template_test.go

@@ -70,6 +70,6 @@ func (s *TemplateTestSuite) Test_FormatData_SrcPort_DefinesSrcPortAclNameAndSrcP
 	sd := service.ServiceDest[0]
 
 	s.Equal(" srcPort_my-service-14480_0", sd.SrcPortAclName)
-	s.Equal("\n    acl srcPort_my-service-14480_0 dst_port 4480", sd.SrcPortAcl)
+	s.Equal("acl srcPort_my-service-14480_0 dst_port 4480", sd.SrcPortAcl)
 
 }

proxy/types.go

@@ -89,6 +89,8 @@ type ServiceDest struct {
 	Index int
 	// Internal use only
 	ReqPathSearchReplaceFormatted []string
+	// Internal use only
+	IncludeSrcPortACL bool
 }
 
 // UserAgent holds data used to generate proxy configuration. It is extracted as a separate struct since each user agent needs an ACL identifier. If specified, only requests with the same agent will be forwarded to the backend.