ci: check example policy files
cmd: add check parameter
@@ -21,10 +21,26 @@ local Build(go, alpine, os, arch) = {
|
|||||||
"apk update",
|
"apk update",
|
||||||
"apk add --no-cache git",
|
"apk add --no-cache git",
|
||||||
"mkdir .bin",
|
"mkdir .bin",
|
||||||
"go build -v -o ./.bin/go-away ./cmd/go-away",
|
"go build -v -pgo=auto -v -trimpath -ldflags=-buildid= -o ./.bin/go-away ./cmd/go-away",
|
||||||
"go build -v -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime",
|
"go build -v -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime",
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "check-policy-forgejo",
|
||||||
|
image: "alpine:" + alpine,
|
||||||
|
depends_on: ["build"],
|
||||||
|
commands: [
|
||||||
|
"./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80 --policy examples/forgejo.yml --policy-snippets examples/snippets/"
|
||||||
|
],
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "check-policy-generic",
|
||||||
|
image: "alpine:" + alpine,
|
||||||
|
depends_on: ["build"],
|
||||||
|
commands: [
|
||||||
|
"./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80 --policy examples/generic.yml --policy-snippets examples/snippets/"
|
||||||
|
],
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "test-wasm-success",
|
name: "test-wasm-success",
|
||||||
image: "alpine:" + alpine,
|
image: "alpine:" + alpine,
|
||||||
|
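Review bot: The rewritten go-away build command passes `-v` twice (`go build -v -pgo=auto -v -trimpath ...`); the second one is redundant, so the line can read `"go build -v -pgo=auto -trimpath -ldflags=-buildid= -o ./.bin/go-away ./cmd/go-away",`. The two new steps `check-policy-forgejo` and `check-policy-generic` differ only in the policy file name, so a small local helper taking the policy name would keep their flags in sync and make covering another example policy a one-line change. The `Build` function starts and ends outside the hunk.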
34
.drone.yml
34
.drone.yml
@@ -14,10 +14,24 @@ steps:
|
|||||||
- apk update
|
- apk update
|
||||||
- apk add --no-cache git
|
- apk add --no-cache git
|
||||||
- mkdir .bin
|
- mkdir .bin
|
||||||
- go build -v -o ./.bin/go-away ./cmd/go-away
|
- go build -v -pgo=auto -v -trimpath -ldflags=-buildid= -o ./.bin/go-away ./cmd/go-away
|
||||||
- go build -v -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime
|
- go build -v -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime
|
||||||
image: golang:1.24-alpine3.21
|
image: golang:1.24-alpine3.21
|
||||||
name: build
|
name: build
|
||||||
|
- commands:
|
||||||
|
- ./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80
|
||||||
|
--policy examples/forgejo.yml --policy-snippets examples/snippets/
|
||||||
|
depends_on:
|
||||||
|
- build
|
||||||
|
image: alpine:3.21
|
||||||
|
name: check-policy-forgejo
|
||||||
|
- commands:
|
||||||
|
- ./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80
|
||||||
|
--policy examples/generic.yml --policy-snippets examples/snippets/
|
||||||
|
depends_on:
|
||||||
|
- build
|
||||||
|
image: alpine:3.21
|
||||||
|
name: check-policy-generic
|
||||||
- commands:
|
- commands:
|
||||||
- ./.bin/test-wasm-runtime -wasm ./embed/challenge/js-pow-sha256/runtime/runtime.wasm
|
- ./.bin/test-wasm-runtime -wasm ./embed/challenge/js-pow-sha256/runtime/runtime.wasm
|
||||||
-make-challenge ./embed/challenge/js-pow-sha256/test/make-challenge.json -make-challenge-out
|
-make-challenge ./embed/challenge/js-pow-sha256/test/make-challenge.json -make-challenge-out
|
||||||
@@ -55,10 +69,24 @@ steps:
|
|||||||
- apk update
|
- apk update
|
||||||
- apk add --no-cache git
|
- apk add --no-cache git
|
||||||
- mkdir .bin
|
- mkdir .bin
|
||||||
- go build -v -o ./.bin/go-away ./cmd/go-away
|
- go build -v -pgo=auto -v -trimpath -ldflags=-buildid= -o ./.bin/go-away ./cmd/go-away
|
||||||
- go build -v -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime
|
- go build -v -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime
|
||||||
image: golang:1.24-alpine3.21
|
image: golang:1.24-alpine3.21
|
||||||
name: build
|
name: build
|
||||||
|
- commands:
|
||||||
|
- ./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80
|
||||||
|
--policy examples/forgejo.yml --policy-snippets examples/snippets/
|
||||||
|
depends_on:
|
||||||
|
- build
|
||||||
|
image: alpine:3.21
|
||||||
|
name: check-policy-forgejo
|
||||||
|
- commands:
|
||||||
|
- ./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80
|
||||||
|
--policy examples/generic.yml --policy-snippets examples/snippets/
|
||||||
|
depends_on:
|
||||||
|
- build
|
||||||
|
image: alpine:3.21
|
||||||
|
name: check-policy-generic
|
||||||
- commands:
|
- commands:
|
||||||
- ./.bin/test-wasm-runtime -wasm ./embed/challenge/js-pow-sha256/runtime/runtime.wasm
|
- ./.bin/test-wasm-runtime -wasm ./embed/challenge/js-pow-sha256/runtime/runtime.wasm
|
||||||
-make-challenge ./embed/challenge/js-pow-sha256/test/make-challenge.json -make-challenge-out
|
-make-challenge ./embed/challenge/js-pow-sha256/test/make-challenge.json -make-challenge-out
|
||||||
@@ -322,6 +350,6 @@ trigger:
|
|||||||
type: docker
|
type: docker
|
||||||
---
|
---
|
||||||
kind: signature
|
kind: signature
|
||||||
hmac: f27dd6fbc73d3dd6e26739576a02b6bf0f9d1c43ee9d6d1439afacdf4e4dbf96
|
hmac: 8aed9810938e4aa4b34c4afb35e1101f27f98a61ffe5349be9a30f22ce7480ed
|
||||||
|
|
||||||
...
|
...
|
||||||
|
@@ -128,6 +128,7 @@ func main() {
|
|||||||
slogLevel := flag.String("slog-level", "WARN", "logging level (see https://pkg.go.dev/log/slog#hdr-Levels)")
|
slogLevel := flag.String("slog-level", "WARN", "logging level (see https://pkg.go.dev/log/slog#hdr-Levels)")
|
||||||
debugMode := flag.Bool("debug", false, "debug mode with logs and server timings")
|
debugMode := flag.Bool("debug", false, "debug mode with logs and server timings")
|
||||||
passThrough := flag.Bool("passthrough", false, "passthrough mode sends all requests to matching backends until state is loaded")
|
passThrough := flag.Bool("passthrough", false, "passthrough mode sends all requests to matching backends until state is loaded")
|
||||||
|
check := flag.Bool("check", false, "check configuration and policies, then exit")
|
||||||
acmeAutocert := flag.String("acme-autocert", "", "enables HTTP(s) mode and uses the provided ACME server URL or available service (available: letsencrypt)")
|
acmeAutocert := flag.String("acme-autocert", "", "enables HTTP(s) mode and uses the provided ACME server URL or available service (available: letsencrypt)")
|
||||||
|
|
||||||
clientIpHeader := flag.String("client-ip-header", "", "Client HTTP header to fetch their IP address from (X-Real-Ip, X-Client-Ip, X-Forwarded-For, Cf-Connecting-Ip, etc.)")
|
clientIpHeader := flag.String("client-ip-header", "", "Client HTTP header to fetch their IP address from (X-Real-Ip, X-Client-Ip, X-Forwarded-For, Cf-Connecting-Ip, etc.)")
|
||||||
@@ -265,34 +266,6 @@ func main() {
|
|||||||
tlsConfig = acmeManager.TLSConfig()
|
tlsConfig = acmeManager.TLSConfig()
|
||||||
}
|
}
|
||||||
|
|
||||||
listener, listenUrl := setupListener(*bindNetwork, *bind, *socketMode, *bindProxy)
|
|
||||||
slog.Warn(
|
|
||||||
"listening",
|
|
||||||
"url", listenUrl,
|
|
||||||
)
|
|
||||||
|
|
||||||
var serverHandler atomic.Pointer[http.Handler]
|
|
||||||
server := utils.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
||||||
if handler := serverHandler.Load(); handler == nil {
|
|
||||||
http.Error(w, http.StatusText(http.StatusBadGateway), http.StatusBadGateway)
|
|
||||||
} else {
|
|
||||||
(*handler).ServeHTTP(w, r)
|
|
||||||
}
|
|
||||||
}), tlsConfig)
|
|
||||||
|
|
||||||
if *passThrough {
|
|
||||||
// setup a passthrough handler temporarily
|
|
||||||
fn := http.Handler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
||||||
backend := utils.SelectHTTPHandler(createdBackends, r.Host)
|
|
||||||
if backend == nil {
|
|
||||||
http.Error(w, http.StatusText(http.StatusBadGateway), http.StatusBadGateway)
|
|
||||||
} else {
|
|
||||||
backend.ServeHTTP(w, r)
|
|
||||||
}
|
|
||||||
}))
|
|
||||||
serverHandler.Store(&fn)
|
|
||||||
}
|
|
||||||
|
|
||||||
loadPolicyState := func() (http.Handler, error) {
|
loadPolicyState := func() (http.Handler, error) {
|
||||||
policyData, err := os.ReadFile(*policyFile)
|
policyData, err := os.ReadFile(*policyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -325,6 +298,44 @@ func main() {
|
|||||||
return state, nil
|
return state, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if *check {
|
||||||
|
_, err := loadPolicyState()
|
||||||
|
if err != nil {
|
||||||
|
slog.Error(err.Error())
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
slog.Info("load ok")
|
||||||
|
os.Exit(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
listener, listenUrl := setupListener(*bindNetwork, *bind, *socketMode, *bindProxy)
|
||||||
|
slog.Warn(
|
||||||
|
"listening",
|
||||||
|
"url", listenUrl,
|
||||||
|
)
|
||||||
|
|
||||||
|
var serverHandler atomic.Pointer[http.Handler]
|
||||||
|
server := utils.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if handler := serverHandler.Load(); handler == nil {
|
||||||
|
http.Error(w, http.StatusText(http.StatusBadGateway), http.StatusBadGateway)
|
||||||
|
} else {
|
||||||
|
(*handler).ServeHTTP(w, r)
|
||||||
|
}
|
||||||
|
}), tlsConfig)
|
||||||
|
|
||||||
|
if *passThrough {
|
||||||
|
// setup a passthrough handler temporarily
|
||||||
|
fn := http.Handler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
backend := utils.SelectHTTPHandler(createdBackends, r.Host)
|
||||||
|
if backend == nil {
|
||||||
|
http.Error(w, http.StatusText(http.StatusBadGateway), http.StatusBadGateway)
|
||||||
|
} else {
|
||||||
|
backend.ServeHTTP(w, r)
|
||||||
|
}
|
||||||
|
}))
|
||||||
|
serverHandler.Store(&fn)
|
||||||
|
}
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
handler, err := loadPolicyState()
|
handler, err := loadPolicyState()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
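Review bot: `--check` only takes effect after everything above `loadPolicyState` has already run; the context lines show `tlsConfig = acmeManager.TLSConfig()` ahead of it, so a check run that also passes `--acme-autocert` appears to still build the ACME manager, and whether that touches the network or a cache directory is not visible here. Moving the listener setup below the check keeps a validation run from binding a socket; consider gating the ACME setup the same way. In the check block, `slog.Error(err.Error())` loses what was being checked, and `slog.Error("policy check failed", "policy", *policyFile, "err", err)` is easier to find in CI logs. `slog.Info("load ok")` is suppressed at the default `WARN` level, so a successful check prints nothing unless `--slog-level` is lowered as the CI steps do. The body of `main` starts and ends outside these hunks.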
@@ -128,6 +128,7 @@ func NewState(p policy.Policy, settings policy.Settings) (handler http.Handler,
|
|||||||
cacheKey := fmt.Sprintf("%s-%d", k, i)
|
cacheKey := fmt.Sprintf("%s-%d", k, i)
|
||||||
var cached []net.IPNet
|
var cached []net.IPNet
|
||||||
if useCache && networkCache != nil {
|
if useCache && networkCache != nil {
|
||||||
|
//TODO: add randomness
|
||||||
cachedData, err := networkCache.Get(cacheKey, time.Hour*24)
|
cachedData, err := networkCache.Get(cacheKey, time.Hour*24)
|
||||||
var l []string
|
var l []string
|
||||||
_ = json.Unmarshal(cachedData, &l)
|
_ = json.Unmarshal(cachedData, &l)
|
||||||
|
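Review bot: The added `//TODO: add randomness` does not say what should be randomized. Sitting directly above `networkCache.Get(cacheKey, time.Hour*24)`, it presumably means jittering the 24-hour maximum age so that cached network lists do not all expire and refetch at the same moment. If that is the intent, spell it out, e.g. `// TODO: add jitter to the 24h max age so cached network lists do not all expire together`. The body of `NewState` continues outside the hunk.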