addHeader & setHeader reconfigure params [fixed #177]

vfarcic · vfarcic · commit 04330fe21373 · 2017-03-19T14:15:11.000+01:00
diff --git a/.travis.yml b/.travis.yml
@@ -20,7 +20,7 @@ script:
   - docker-compose -f docker-compose-test.yml run --rm staging
   - docker-compose -f docker-compose-test.yml down
   - docker tag vfarcic/docker-flow-proxy vfarcic/docker-flow-proxy:beta
-  - docker login -e $DOCKER_EMAIL -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+  - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
   - docker push vfarcic/docker-flow-proxy:beta
   - HOST_IP=$(ifconfig eth0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1') docker-compose -f docker-compose-test.yml run --rm staging-swarm
 
@@ -42,7 +42,3 @@ after_success:
 branches:
   only:
     - master
-
-notifications:
-  slack:
-    secure: h5AN2Q3Ft3LYkBZWsEtQIVTZBmZYc/yGcqBcO7zCts2I4eTYCNPl419nkQiMbPBCL6s7mQv2bY2hA9mhm271ssc3JgoQ8A7yMoR+tlGWrdDwR7vhvs85o+GUiVM27sqCCNNz/pE/HU6F5h5h4vQAEBZzC1WGJkdxKQGNohDh+xWJMxB+SFynC5qtbVjXYiKwGf9EvAa7qWbJ7OgzqvU5QAdpUMa0CptEkNsGxgTF7onvx/6TYJTnDTmmiGlwkeo83895qbROxxUE6Az0lRa/4P8sAKpa4Gc+nxInk41KpZud5XW85lrs6Ncesh2TzIlac/RboE68zhP+MJgobzjDyDZdSnm3tRH8k5vK+2FvaqOtWEFink0H42n96rcuGKVeGe56TJRoHMou5H1qWwc8caIJm4yLRR4kwed+Ao73iQLnSfQeTCEk/WUUm7a4JaChR55EXnRfI5gcd54C+ONCT6JnvCGRhRnPClFiGgQ274D4QUCgm5nLm1+XVReTUo/us9L1fraAQtc/UMTbAsD+1MFddSYRmE8pMh0FZfYWqf8UPlVvmTjtSOPK8g+WoCdi4qqhnBJapmNuSMRrhf7EYxzvFbFG5EBKdSDCgNffYtOMQSwWY09IaufyJFQYjVlCuT+tYi1unzlOJmFWps+qxl/CcoB6guM+YNj0vqFbApw=
diff --git a/actions/reconfigure.go b/actions/reconfigure.go
@@ -339,11 +339,7 @@ backend %s{{$.ServiceName}}-be{{.Port}}
 		tmpl += `
     log global`
 	}
-	if sr.XForwardedProto {
-		tmpl += `
-    http-request add-header X-Forwarded-Proto https if { ssl_fc }`
-	}
-	// TODO: Deprecated (dec. 2016).
+	tmpl += m.getHeaders(sr)
 	if len(sr.TimeoutServer) > 0 {
 		tmpl += `
     timeout server {{$.TimeoutServer}}s`
@@ -352,6 +348,7 @@ backend %s{{$.ServiceName}}-be{{.Port}}
 		tmpl += `
     timeout tunnel {{$.TimeoutTunnel}}s`
 	}
+	// TODO: Deprecated (dec. 2016).
 	if len(sr.ReqRepSearch) > 0 && len(sr.ReqRepReplace) > 0 {
 		tmpl += `
     reqrep {{$.ReqRepSearch}}     {{$.ReqRepReplace}}`
@@ -389,6 +386,27 @@ backend %s{{$.ServiceName}}-be{{.Port}}
 	return tmpl
 }
 
+func (m *Reconfigure) getHeaders(sr *proxy.Service) string {
+	tmpl := ""
+	if sr.XForwardedProto {
+		tmpl += `
+    http-request add-header X-Forwarded-Proto https if { ssl_fc }`
+	}
+	for _, header := range sr.AddHeader {
+		tmpl += fmt.Sprintf(`
+    http-request add-header %s`,
+			header,
+		)
+	}
+	for _, header := range sr.SetHeader {
+		tmpl += fmt.Sprintf(`
+    http-request set-header %s`,
+			header,
+		)
+	}
+	return tmpl
+}
+
 func (m *Reconfigure) getUsersList(sr *proxy.Service) string {
 	if len(sr.Users) > 0 {
 		return `userlist {{.ServiceName}}Users{{range .Users}}
diff --git a/actions/reconfigure_test.go b/actions/reconfigure_test.go
@@ -657,6 +657,70 @@ backend %s-be%s
 	s.Equal(expectedData, actualData)
 }
 
+func (s ReconfigureTestSuite) Test_Execute_AddsHeader_WhenAddHeaderIsSet() {
+	s.reconfigure.Mode = "swarm"
+	s.reconfigure.AddHeader = []string{"header-1", "header-2"}
+	var actualFilename, actualData string
+	expectedFilename := fmt.Sprintf("%s/%s-be.cfg", s.TemplatesPath, s.ServiceName)
+	expectedData := fmt.Sprintf(
+		`
+backend %s-be%s
+    mode http
+    http-request add-header header-1
+    http-request add-header header-2
+    server %s %s:%s`,
+		s.ServiceName,
+		s.reconfigure.ServiceDest[0].Port,
+		s.ServiceName,
+		s.ServiceName,
+		s.reconfigure.ServiceDest[0].Port,
+	)
+	writeBeTemplateOrig := writeBeTemplate
+	defer func() { writeBeTemplate = writeBeTemplateOrig }()
+	writeBeTemplate = func(filename string, data []byte, perm os.FileMode) error {
+		actualFilename = filename
+		actualData = string(data)
+		return nil
+	}
+
+	s.reconfigure.Execute([]string{})
+
+	s.Equal(expectedFilename, actualFilename)
+	s.Equal(expectedData, actualData)
+}
+
+func (s ReconfigureTestSuite) Test_Execute_AddsHeader_WhenSetHeaderIsSet() {
+	s.reconfigure.Mode = "swarm"
+	s.reconfigure.SetHeader = []string{"header-1", "header-2"}
+	var actualFilename, actualData string
+	expectedFilename := fmt.Sprintf("%s/%s-be.cfg", s.TemplatesPath, s.ServiceName)
+	expectedData := fmt.Sprintf(
+		`
+backend %s-be%s
+    mode http
+    http-request set-header header-1
+    http-request set-header header-2
+    server %s %s:%s`,
+		s.ServiceName,
+		s.reconfigure.ServiceDest[0].Port,
+		s.ServiceName,
+		s.ServiceName,
+		s.reconfigure.ServiceDest[0].Port,
+	)
+	writeBeTemplateOrig := writeBeTemplate
+	defer func() { writeBeTemplate = writeBeTemplateOrig }()
+	writeBeTemplate = func(filename string, data []byte, perm os.FileMode) error {
+		actualFilename = filename
+		actualData = string(data)
+		return nil
+	}
+
+	s.reconfigure.Execute([]string{})
+
+	s.Equal(expectedFilename, actualFilename)
+	s.Equal(expectedData, actualData)
+}
+
 func (s ReconfigureTestSuite) Test_Execute_DoesNotInvokeRegistrarableCreateConfigs_WhenModeIsService() {
 	mockObj := getRegistrarableMock("")
 	registryInstanceOrig := registryInstance
diff --git a/docs/feedback-and-contribution.md b/docs/feedback-and-contribution.md
@@ -1,6 +1,6 @@
 # Feedback and Contribution
 
-The *Docker Flow: Proxy* project welcomes, and depends, on contributions from developers and users in the open source community. Contributions can be made in a number of ways, a few examples are:
+The *Docker Flow Proxy* project welcomes, and depends, on contributions from developers and users in the open source community. Contributions can be made in a number of ways, a few examples are:
 
 * Code patches or new features via pull requests
 * Documentation improvements
@@ -20,7 +20,7 @@ Please join the [DevOps20](http://slack.devops20toolkit.com/) Slack channel if y
 
 ## Contributing To The Project
 
-I encourage you to contribute to the *Docker Flow: Proxy* project.
+I encourage you to contribute to the *Docker Flow Proxy* project.
 
 The project is developed using *Test Driven Development* and *Continuous Deployment* process. Test are divided into unit and integration tests. Every code file has an equivalent with tests (e.g. `reconfigure.go` and `reconfigure_test.go`). Ideally, I expect you to write a test that defines that should be developed, run all the unit tests and confirm that the test fails, write just enough code to make the test pass, repeat. If you are new to testing, feel free to create a pull request indicating that tests are missing and I'll help you out.
 
diff --git a/docs/index.md b/docs/index.md
@@ -10,14 +10,9 @@ Since the Docker 1.12 release, *Docker Flow Proxy* supports two modes. The defau
 
 The recommendation is to run *Docker Flow Proxy* inside a Swarm cluster with Automatic Reconfiguration.
 
-*Docker Flow Proxy* examples can be found in the sections that follow.
+*Docker Flow Proxy* examples can be found in the *Tutorials* section located in the left-hand menu.
 
-* [Swarm Mode With Automatic Reconfiguration (recommended)](swarm-mode-auto.md)
-* [Swarm Mode With Docker Stack](swarm-mode-stack.md)
-* [Swarm Mode With Manual Reconfiguration](swarm-mode-manual.md)
-* [Standard Mode](standard-mode.md)
-
-Please visit the [config](config.md) and [usage](usage.md) sections for more details.
+Please visit the [Configuring Docker Flow Proxy](config.md) and [Usage](usage.md) sections for more details.
 
 [Feedback and contributions](feedback-and-contribution.md) are appreciated.
 
diff --git a/docs/usage.md b/docs/usage.md
@@ -15,6 +15,7 @@ The following query parameters can be used to send a *reconfigure* request to *D
 |Query          |Description                                                                               |Required|Default|Example      |
 |---------------|------------------------------------------------------------------------------------------|--------|-------|-------------|
 |aclName        |ACLs are ordered alphabetically by their names. If not specified, serviceName is used instead.|No  |       |05-go-demo-acl|
+|addHeader      |Additional headers that will be added to the request before forwarding it to the service. Multiple headers should be separated with comma (`,`). Please consult [Add a header to the request](https://www.haproxy.com/doc/aloha/7.0/haproxy/http_rewriting.html#add-a-header-to-the-request) for more info.|No| |X-Forwarded-Port %[dst_port],X-Forwarded-Ssl on if { ssl_fc }|
 |httpsPort      |The internal HTTPS port of a service that should be reconfigured. The port is used only in the `swarm` mode. If not specified, the `port` parameter will be used instead.|No| |443|
 |port           |The internal port of a service that should be reconfigured. The port is used only in the `swarm` mode. The parameter can be prefixed with an index thus allowing definition of multiple destinations for a single service (e.g. `port.1`, `port.2`, and so on).|Only in `swarm` mode| |8080|
 |reqMode        |The request mode. The proxy should be able to work with any mode supported by HAProxy. However, actively supported and tested modes are `http`, `tcp`, and `sni`. The `sni` mode implies TCP with an SNI-based routing.|No|http|tcp|
@@ -23,6 +24,7 @@ The following query parameters can be used to send a *reconfigure* request to *D
 |serviceDomain  |The domain of the service. If set, the proxy will allow access only to requests coming to that domain. Multiple domains should be separated with comma (`,`).|No| |ecme.com|
 |serviceDomainMatchAll|Whether to include subdomains and FDQN domains in the match. If set to false, and, for example, `serviceDomain` is set to `acme.com`, `something.acme.com` would not be considered a match unless this parameter is set to `true`. If this option is used, it is recommended to put any subdomains higher in the list using `aclName`.|No|false|true|
 |serviceName    |The name of the service. It must match the name of the Swarm service or the one stored in Consul.|Yes|     |go-demo      |
+|setHeader      |Additional headers that will be set to the request before forwarding it to the service. If a specified header exists, it will be replaced with the new one. Multiple headers should be separated with comma (`,`). Please consult [Set a header to the request](https://www.haproxy.com/doc/aloha/7.0/haproxy/http_rewriting.html#set-a-header-in-the-request) for more info.|No| |X-Forwarded-Port %[dst_port],X-Forwarded-Ssl on if { ssl_fc }|
 |srcPort        |The source (entry) port of a service. Useful only when specifying multiple destinations of a single service. The parameter can be prefixed with an index thus allowing definition of multiple destinations for a single service (e.g. `srcPort.1`, `srcPort.2`, and so on).|No| |80|
 |timeoutServer  |The server timeout in seconds.                                                            |No      |20     |60           |
 |timeoutTunnel  |The tunnel timeout in seconds.                                                            |No      |3600   |1800         |
@@ -95,6 +97,7 @@ The map between the HTTP query parameters and environment variables is as follow
 |Query                |Environment variable    |
 |---------------------|------------------------|
 |aclName              |ACL_NAME                |
+|addHeader            |ADD_HEADER              |
 |consulTemplateBePath |CONSUL_TEMPLATE_BE_PATH |
 |consulTemplateFePath |CONSUL_TEMPLATE_FE_PATH |
 |distribute           |DISTRIBUTE              |
@@ -112,6 +115,7 @@ The map between the HTTP query parameters and environment variables is as follow
 |serviceDomainMatchAll|SERVICE_DOMAIN_MATCH_ALL|
 |serviceName          |SERVICE_NAME            |
 |servicePath          |SERVICE_PATH            |
+|setHeader            |SET_HEADER              |
 |skipCheck            |SKIP_CHECK              |
 |srcPort              |SRC_PORT                |
 |sslVerifyNone        |SSL_VERIFY_NONE         |
diff --git a/proxy/types.go b/proxy/types.go
@@ -20,6 +20,8 @@ type ServiceDest struct {
 }
 
 type Service struct {
+	// Additional headers that will be added to the request before forwarding it to the service. Please consult https://www.haproxy.com/doc/aloha/7.0/haproxy/http_rewriting.html#add-a-header-to-the-request for more info.
+	AddHeader []string `split_words:"true"`
 	// ACLs are ordered alphabetically by their names.
 	// If not specified, serviceName is used instead.
 	AclName string `split_words:"true"`
@@ -69,6 +71,8 @@ type Service struct {
 	// The name of the service.
 	// It must match the name of the Swarm service or the one stored in Consul.
 	ServiceName string `split_words:"true"`
+	// Additional headers that will be set to the request before forwarding it to the service. If a specified header exists, it will be replaced with the new one.
+	SetHeader []string `split_words:"true"`
 	// Whether to skip adding proxy checks.
 	// This option is used only in the default mode.
 	SkipCheck bool `split_words:"true"`
diff --git a/server/server.go b/server/server.go
@@ -74,6 +74,12 @@ func (m *Serve) GetServiceFromUrl(req *http.Request) *proxy.Service {
 	if len(req.URL.Query().Get("serviceDomain")) > 0 {
 		sr.ServiceDomain = strings.Split(req.URL.Query().Get("serviceDomain"), ",")
 	}
+	if len(req.URL.Query().Get("addHeader")) > 0 {
+		sr.AddHeader = strings.Split(req.URL.Query().Get("addHeader"), ",")
+	}
+	if len(req.URL.Query().Get("setHeader")) > 0 {
+		sr.SetHeader = strings.Split(req.URL.Query().Get("setHeader"), ",")
+	}
 	globalUsersString := proxy.GetSecretOrEnvVar("USERS", "")
 	globalUsersEncrypted := strings.EqualFold(proxy.GetSecretOrEnvVar("USERS_PASS_ENCRYPTED", ""), "true")
 	sr.Users = mergeUsers(
diff --git a/server/server_test.go b/server/server_test.go
@@ -594,34 +594,36 @@ func (s *ServerTestSuite) Test_RemoveHandler_WritesErrorHeader_WhenRemoveDistrib
 
 func (s *ServerTestSuite) Test_GetServiceFromUrl_ReturnsProxyService() {
 	expected := proxy.Service{
-		ServiceName:           "serviceName",
 		AclName:               "aclName",
-		ServiceColor:          "serviceColor",
-		ServiceCert:           "serviceCert",
-		OutboundHostname:      "outboundHostname",
+		AddHeader:             []string{"add-header-1", "add-header-2"},
 		ConsulTemplateFePath:  "consulTemplateFePath",
 		ConsulTemplateBePath:  "consulTemplateBePath",
+		Distribute:            true,
+		HttpsOnly:             true,
+		HttpsPort:             1234,
+		OutboundHostname:      "outboundHostname",
 		PathType:              "pathType",
-		ReqPathSearch:         "reqPathSearch",
+		RedirectWhenHttpProto: true,
+		ReqMode:               "reqMode",
 		ReqPathReplace:        "reqPathReplace",
-		TemplateFePath:        "templateFePath",
+		ReqPathSearch:         "reqPathSearch",
+		ServiceCert:           "serviceCert",
+		ServiceColor:          "serviceColor",
+		ServiceDest:           []proxy.ServiceDest{{ServicePath: []string{}}},
+		ServiceDomain:         []string{"domain1", "domain2"},
+		ServiceDomainMatchAll: true,
+		ServiceName:           "serviceName",
+		SetHeader:             []string{"set-header-1", "set-header-2"},
+		SkipCheck:             true,
+		SslVerifyNone:         true,
 		TemplateBePath:        "templateBePath",
+		TemplateFePath:        "templateFePath",
 		TimeoutServer:         "timeoutServer",
 		TimeoutTunnel:         "timeoutTunnel",
-		ReqMode:               "reqMode",
-		HttpsOnly:             true,
 		XForwardedProto:       true,
-		RedirectWhenHttpProto: true,
-		HttpsPort:             1234,
-		ServiceDomain:         []string{"domain1", "domain2"},
-		SkipCheck:             true,
-		Distribute:            true,
-		SslVerifyNone:         true,
-		ServiceDomainMatchAll: true,
-		ServiceDest:           []proxy.ServiceDest{{ServicePath: []string{}}},
 	}
 	addr := fmt.Sprintf(
-		"%s?serviceName=%s&aclName=%s&serviceColor=%s&serviceCert=%s&outboundHostname=%s&consulTemplateFePath=%s&consulTemplateBePath=%s&pathType=%s&reqPathSearch=%s&reqPathReplace=%s&templateFePath=%s&templateBePath=%s&timeoutServer=%s&timeoutTunnel=%s&reqMode=%s&httpsOnly=%t&xForwardedProto=%t&redirectWhenHttpProto=%t&httpsPort=%d&serviceDomain=%s&skipCheck=%t&distribute=%t&sslVerifyNone=%t&serviceDomainMatchAll=%t",
+		"%s?serviceName=%s&aclName=%s&serviceColor=%s&serviceCert=%s&outboundHostname=%s&consulTemplateFePath=%s&consulTemplateBePath=%s&pathType=%s&reqPathSearch=%s&reqPathReplace=%s&templateFePath=%s&templateBePath=%s&timeoutServer=%s&timeoutTunnel=%s&reqMode=%s&httpsOnly=%t&xForwardedProto=%t&redirectWhenHttpProto=%t&httpsPort=%d&serviceDomain=%s&skipCheck=%t&distribute=%t&sslVerifyNone=%t&serviceDomainMatchAll=%t&addHeader=%s&setHeader=%s",
 		s.BaseUrl,
 		expected.ServiceName,
 		expected.AclName,
@@ -647,6 +649,8 @@ func (s *ServerTestSuite) Test_GetServiceFromUrl_ReturnsProxyService() {
 		expected.Distribute,
 		expected.SslVerifyNone,
 		expected.ServiceDomainMatchAll,
+		strings.Join(expected.AddHeader, ","),
+		strings.Join(expected.SetHeader, ","),
 	)
 	req, _ := http.NewRequest("GET", addr, nil)
 	srv := Serve{}
@@ -794,6 +798,7 @@ func (s *ServerTestSuite) Test_UsersMerge_AllCases() {
 func (s *ServerTestSuite) Test_GetServicesFromEnvVars_ReturnsServices() {
 	service := proxy.Service{
 		AclName:               "my-AclName",
+		AddHeader:             []string{"add-header-1", "add-header-2"},
 		ConsulTemplateBePath:  "my-ConsulTemplateBePath",
 		ConsulTemplateFePath:  "my-ConsulTemplateFePath",
 		Distribute:            true,
@@ -809,6 +814,7 @@ func (s *ServerTestSuite) Test_GetServicesFromEnvVars_ReturnsServices() {
 		ServiceDomain:         []string{"my-domain-1.com", "my-domain-2.com"},
 		ServiceDomainMatchAll: true,
 		ServiceName:           "my-ServiceName",
+		SetHeader:             []string{"set-header-1", "set-header-2"},
 		SkipCheck:             true,
 		SslVerifyNone:         true,
 		TemplateBePath:        "my-TemplateBePath",
@@ -821,6 +827,7 @@ func (s *ServerTestSuite) Test_GetServicesFromEnvVars_ReturnsServices() {
 		},
 	}
 	os.Setenv("DFP_SERVICE_ACL_NAME", service.AclName)
+	os.Setenv("DFP_SERVICE_ADD_HEADER", strings.Join(service.AddHeader, ","))
 	os.Setenv("DFP_SERVICE_CONSUL_TEMPLATE_FE_PATH", service.ConsulTemplateFePath)
 	os.Setenv("DFP_SERVICE_CONSUL_TEMPLATE_BE_PATH", service.ConsulTemplateBePath)
 	os.Setenv("DFP_SERVICE_DISTRIBUTE", strconv.FormatBool(service.Distribute))
@@ -845,10 +852,12 @@ func (s *ServerTestSuite) Test_GetServicesFromEnvVars_ReturnsServices() {
 	os.Setenv("DFP_SERVICE_X_FORWARDED_PROTO", strconv.FormatBool(service.XForwardedProto))
 	os.Setenv("DFP_SERVICE_PORT", service.ServiceDest[0].Port)
 	os.Setenv("DFP_SERVICE_SERVICE_PATH", strings.Join(service.ServiceDest[0].ServicePath, ","))
+	os.Setenv("DFP_SERVICE_SET_HEADER", strings.Join(service.SetHeader, ","))
 	os.Setenv("DFP_SERVICE_SRC_PORT", strconv.Itoa(service.ServiceDest[0].SrcPort))
 
 	defer func() {
 		os.Unsetenv("DFP_SERVICE_ACL_NAME")
+		os.Unsetenv("DFP_SERVICE_ADD_HEADER")
 		os.Unsetenv("DFP_SERVICE_CONSUL_TEMPLATE_BE_PATH")
 		os.Unsetenv("DFP_SERVICE_CONSUL_TEMPLATE_FE_PATH")
 		os.Unsetenv("DFP_SERVICE_DISTRIBUTE")
@@ -866,6 +875,7 @@ func (s *ServerTestSuite) Test_GetServicesFromEnvVars_ReturnsServices() {
 		os.Unsetenv("DFP_SERVICE_SERVICE_DOMAIN_MATCH_ALL")
 		os.Unsetenv("DFP_SERVICE_SERVICE_NAME")
 		os.Unsetenv("DFP_SERVICE_SERVICE_PATH")
+		os.Unsetenv("DFP_SERVICE_SET_HEADER")
 		os.Unsetenv("DFP_SERVICE_SKIP_CHECK")
 		os.Unsetenv("DFP_SERVICE_SRC_PORT")
 		os.Unsetenv("DFP_SERVICE_SSL_VERIFY_NONE")
