Skip to content

Commit

Permalink
fix: enable expect_proxy_cidrs handling in tcp backends
Browse files Browse the repository at this point in the history
  • Loading branch information
peanball committed Dec 9, 2024
1 parent 6f05faa commit be07d86
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
3 changes: 3 additions & 0 deletions jobs/haproxy/templates/haproxy.config.erb
Original file line number Diff line number Diff line change
Expand Up @@ -986,6 +986,9 @@ frontend tcp-frontend_<%= tcp_proxy["name"]%>
<%- else -%>
bind <%= p("ha_proxy.binding_ip") %>:<%= tcp_proxy["port"] %> <%= tcp_accept_proxy %> <%= v4v6 %>
<%- end -%>
<%- if p("ha_proxy.expect_proxy_cidrs", []).size > 0 -%>
tcp-request connection expect-proxy layer4 if { src -f /var/vcap/jobs/haproxy/config/expect_proxy_cidrs.txt }
<%- end -%>
default_backend tcp-<%= tcp_proxy["name"] %>

backend tcp-<%= tcp_proxy["name"] %>
Expand Down
15 changes: 15 additions & 0 deletions spec/haproxy/templates/haproxy_config/frontend_tcp_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,21 @@
end
end
end

context 'when ha_proxy.expect_proxy_cidrs is not empty/nil and ha_proxy.accept_proxy is false' do
let(:properties) do
default_properties.merge({ 'accept_proxy' => false,
'expect_proxy_cidrs' => ['127.0.0.1/8'] })
end

it 'sets expect-proxy of tcp connection to the file proxies_cidrs.txt contents' do
expect(frontend_tcp_redis).to include('bind :6379 ssl')
expect(frontend_tcp_redis).to include('tcp-request connection expect-proxy layer4 if { src -f /var/vcap/jobs/haproxy/config/expect_proxy_cidrs.txt }')

expect(frontend_tcp_mysql).to include('bind :3306')
expect(frontend_tcp_mysql).to include('tcp-request connection expect-proxy layer4 if { src -f /var/vcap/jobs/haproxy/config/expect_proxy_cidrs.txt }')
end
end
end

context 'when ha_proxy.tcp is not provided' do
Expand Down

0 comments on commit be07d86

Please sign in to comment.