From cac55e0ee8d13bcd88a51685b40e19b9bbcb43da Mon Sep 17 00:00:00 2001 From: Olivier Duclos Date: Thu, 22 Feb 2024 12:07:04 +0100 Subject: [PATCH] MINOR: Add support for set-fc-mark, set-fc-tos And also set-bc-mark and set-bc-tos. Those actions reaplce set-mark and set-tos, which are now deprecated in HAProxy. --- configuration/http_request_rule.go | 52 +++++++++ configuration/http_response_rule.go | 26 +++++ configuration/tcp_request_rule.go | 104 ++++++++++++++++++ configuration/tcp_response_rule.go | 33 ++++++ go.mod | 2 +- go.sum | 4 +- models/http_request_rule.go | 18 ++- models/http_response_rule.go | 15 ++- models/http_response_rule_compare.go | 8 ++ models/http_response_rule_compare_test.go | 4 +- models/tcp_request_rule.go | 18 ++- models/tcp_response_rule.go | 12 +- specification/build/haproxy_spec.yaml | 31 ++++++ .../models/configuration/http/request.yaml | 6 +- .../models/configuration/http/response.yaml | 9 ++ .../models/configuration/tcp/request.yaml | 4 +- .../models/configuration/tcp/response.yaml | 4 +- test/configuration_test.go | 16 +++ test/expected/structured.json | 94 ++++++++++++++++ test/http_request_rule_test.go | 7 +- test/tcp_request_rule_test.go | 25 ++++- test/tcp_response_rule_test.go | 7 +- 22 files changed, 468 insertions(+), 31 deletions(-) diff --git a/configuration/http_request_rule.go b/configuration/http_request_rule.go index 5ca9b90d..77fd25a9 100644 --- a/configuration/http_request_rule.go +++ b/configuration/http_request_rule.go @@ -713,6 +713,34 @@ func ParseHTTPRequestRule(f types.Action) (rule *models.HTTPRequestRule, err err Cond: v.Cond, CondTest: v.CondTest, } + case *actions.SetBcMark: + rule = &models.HTTPRequestRule{ + Type: models.HTTPRequestRuleTypeSetDashBcDashMark, + Expr: v.Expr.String(), + Cond: v.Cond, + CondTest: v.CondTest, + } + case *actions.SetBcTos: + rule = &models.HTTPRequestRule{ + Type: models.HTTPRequestRuleTypeSetDashBcDashTos, + Expr: v.Expr.String(), + Cond: v.Cond, + CondTest: v.CondTest, + } + case *actions.SetFcMark: + rule = &models.HTTPRequestRule{ + Type: models.HTTPRequestRuleTypeSetDashFcDashMark, + Expr: v.Expr.String(), + Cond: v.Cond, + CondTest: v.CondTest, + } + case *actions.SetFcTos: + rule = &models.HTTPRequestRule{ + Type: models.HTTPRequestRuleTypeSetDashFcDashTos, + Expr: v.Expr.String(), + Cond: v.Cond, + CondTest: v.CondTest, + } } return rule, err @@ -1191,6 +1219,30 @@ func SerializeHTTPRequestRule(f models.HTTPRequestRule) (rule types.Action, err Cond: f.Cond, CondTest: f.CondTest, } + case "set-bc-mark": + rule = &actions.SetBcMark{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.MarkValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + } + case "set-bc-tos": + rule = &actions.SetBcTos{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.TosValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + } + case "set-fc-mark": + rule = &actions.SetFcMark{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.MarkValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + } + case "set-fc-tos": + rule = &actions.SetFcTos{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.TosValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + } } return rule, err diff --git a/configuration/http_response_rule.go b/configuration/http_response_rule.go index f8ad55b9..45ce209f 100644 --- a/configuration/http_response_rule.go +++ b/configuration/http_response_rule.go @@ -534,6 +534,20 @@ func ParseHTTPResponseRule(f types.Action) *models.HTTPResponseRule { //nolint:m Cond: v.Cond, CondTest: v.CondTest, } + case *actions.SetFcMark: + return &models.HTTPResponseRule{ + Type: models.HTTPResponseRuleTypeSetDashFcDashMark, + Expr: v.Expr.String(), + Cond: v.Cond, + CondTest: v.CondTest, + } + case *actions.SetFcTos: + return &models.HTTPResponseRule{ + Type: models.HTTPResponseRuleTypeSetDashFcDashTos, + Expr: v.Expr.String(), + Cond: v.Cond, + CondTest: v.CondTest, + } } return nil } @@ -855,6 +869,18 @@ func SerializeHTTPResponseRule(f models.HTTPResponseRule) (rule types.Action, er Cond: f.Cond, CondTest: f.CondTest, } + case "set-fc-mark": + rule = &actions.SetFcMark{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.MarkValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + } + case "set-fc-tos": + rule = &actions.SetFcTos{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.TosValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + } } return rule, err } diff --git a/configuration/tcp_request_rule.go b/configuration/tcp_request_rule.go index a8eefe7d..86d9b866 100644 --- a/configuration/tcp_request_rule.go +++ b/configuration/tcp_request_rule.go @@ -300,6 +300,16 @@ func ParseTCPRequestRule(f types.TCPType) (rule *models.TCPRequestRule, err erro rule.Expr = a.Expr.String() rule.Cond = a.Cond rule.CondTest = a.CondTest + case *actions.SetFcMark: + rule.Action = models.TCPRequestRuleActionSetDashFcDashMark + rule.Expr = a.Expr.String() + rule.Cond = a.Cond + rule.CondTest = a.CondTest + case *actions.SetFcTos: + rule.Action = models.TCPRequestRuleActionSetDashFcDashTos + rule.Expr = a.Expr.String() + rule.Cond = a.Cond + rule.CondTest = a.CondTest case *tcp_actions.SetSrc: rule.Action = models.TCPRequestRuleActionSetDashSrc rule.Expr = a.Expr.String() @@ -485,6 +495,26 @@ func ParseTCPRequestRule(f types.TCPType) (rule *models.TCPRequestRule, err erro rule.MarkValue = a.Value rule.Cond = a.Cond rule.CondTest = a.CondTest + case *actions.SetBcMark: + rule.Action = models.TCPRequestRuleActionSetDashBcDashMark + rule.Expr = a.Expr.String() + rule.Cond = a.Cond + rule.CondTest = a.CondTest + case *actions.SetBcTos: + rule.Action = models.TCPRequestRuleActionSetDashBcDashTos + rule.Expr = a.Expr.String() + rule.Cond = a.Cond + rule.CondTest = a.CondTest + case *actions.SetFcMark: + rule.Action = models.TCPRequestRuleActionSetDashFcDashMark + rule.Expr = a.Expr.String() + rule.Cond = a.Cond + rule.CondTest = a.CondTest + case *actions.SetFcTos: + rule.Action = models.TCPRequestRuleActionSetDashFcDashTos + rule.Expr = a.Expr.String() + rule.Cond = a.Cond + rule.CondTest = a.CondTest case *actions.SetSrcPort: rule.Action = models.TCPRequestRuleActionSetDashSrcDashPort rule.Expr = a.Expr.String() @@ -582,6 +612,16 @@ func ParseTCPRequestRule(f types.TCPType) (rule *models.TCPRequestRule, err erro rule.GptValue = a.Expr.String() rule.Cond = a.Cond rule.CondTest = a.CondTest + case *actions.SetFcMark: + rule.Action = models.TCPRequestRuleActionSetDashFcDashMark + rule.Expr = a.Expr.String() + rule.Cond = a.Cond + rule.CondTest = a.CondTest + case *actions.SetFcTos: + rule.Action = models.TCPRequestRuleActionSetDashFcDashTos + rule.Expr = a.Expr.String() + rule.Cond = a.Cond + rule.CondTest = a.CondTest case *actions.SetVar: rule.Action = models.TCPRequestRuleActionSetDashVar rule.VarScope = a.VarScope @@ -807,6 +847,22 @@ func SerializeTCPRequestRule(f models.TCPRequestRule) (rule types.TCPType, err e CondTest: f.CondTest, }, }, nil + case models.TCPRequestRuleActionSetDashFcDashMark: + return &tcp_types.Connection{ + Action: &actions.SetFcMark{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.MarkValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + }, + }, nil + case models.TCPRequestRuleActionSetDashFcDashTos: + return &tcp_types.Connection{ + Action: &actions.SetFcTos{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.TosValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + }, + }, nil } return nil, NewConfError(ErrValidationError, fmt.Sprintf("unsupported action '%T' in tcp_request_rule", f.Action)) case models.TCPRequestRuleTypeContent: @@ -1089,6 +1145,38 @@ func SerializeTCPRequestRule(f models.TCPRequestRule) (rule types.TCPType, err e CondTest: f.CondTest, }, }, nil + case models.TCPRequestRuleActionSetDashBcDashMark: + return &tcp_types.Content{ + Action: &actions.SetBcMark{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.MarkValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + }, + }, nil + case models.TCPRequestRuleActionSetDashBcDashTos: + return &tcp_types.Content{ + Action: &actions.SetBcTos{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.TosValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + }, + }, nil + case models.TCPRequestRuleActionSetDashFcDashMark: + return &tcp_types.Content{ + Action: &actions.SetFcMark{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.MarkValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + }, + }, nil + case models.TCPRequestRuleActionSetDashFcDashTos: + return &tcp_types.Content{ + Action: &actions.SetFcTos{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.TosValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + }, + }, nil } return nil, NewConfError(ErrValidationError, fmt.Sprintf("unsupported action '%T' in tcp_request_rule", f.Action)) case models.TCPRequestRuleTypeSession: @@ -1243,6 +1331,22 @@ func SerializeTCPRequestRule(f models.TCPRequestRule) (rule types.TCPType, err e CondTest: f.CondTest, }, }, nil + case models.TCPRequestRuleActionSetDashFcDashMark: + return &tcp_types.Session{ + Action: &actions.SetFcMark{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.MarkValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + }, + }, nil + case models.TCPRequestRuleActionSetDashFcDashTos: + return &tcp_types.Session{ + Action: &actions.SetFcTos{ + Expr: common.Expression{Expr: strings.Split(f.Expr+f.TosValue, " ")}, + Cond: f.Cond, + CondTest: f.CondTest, + }, + }, nil } return nil, NewConfError(ErrValidationError, fmt.Sprintf("unsupported action '%T' in tcp_request_rule", f.Action)) case models.TCPRequestRuleTypeInspectDashDelay: diff --git a/configuration/tcp_response_rule.go b/configuration/tcp_response_rule.go index 1c52b725..b5053f4b 100644 --- a/configuration/tcp_response_rule.go +++ b/configuration/tcp_response_rule.go @@ -187,6 +187,7 @@ func ParseTCPResponseRules(backend string, p parser.Parser) (models.TCPResponseR return tcpResRules, nil } +//nolint:maintidx func ParseTCPResponseRule(t types.TCPType) (*models.TCPResponseRule, error) { switch v := t.(type) { case *tcp_types.InspectDelay: @@ -346,6 +347,22 @@ func ParseTCPResponseRule(t types.TCPType) (*models.TCPResponseRule, error) { Cond: a.Cond, CondTest: a.CondTest, }, nil + case *actions.SetFcMark: + return &models.TCPResponseRule{ + Type: models.TCPResponseRuleTypeContent, + Action: models.TCPResponseRuleActionSetDashFcDashMark, + Expr: a.Expr.String(), + Cond: a.Cond, + CondTest: a.CondTest, + }, nil + case *actions.SetFcTos: + return &models.TCPResponseRule{ + Type: models.TCPResponseRuleTypeContent, + Action: models.TCPResponseRuleActionSetDashFcDashTos, + Expr: a.Expr.String(), + Cond: a.Cond, + CondTest: a.CondTest, + }, nil case *actions.SilentDrop: return &models.TCPResponseRule{ Type: models.TCPResponseRuleTypeContent, @@ -526,6 +543,22 @@ func SerializeTCPResponseRule(t models.TCPResponseRule) (types.TCPType, error) { CondTest: t.CondTest, }, }, nil + case models.TCPResponseRuleActionSetDashFcDashMark: + return &tcp_types.Content{ + Action: &actions.SetFcMark{ + Expr: common.Expression{Expr: strings.Split(t.Expr+t.MarkValue, " ")}, + Cond: t.Cond, + CondTest: t.CondTest, + }, + }, nil + case models.TCPResponseRuleActionSetDashFcDashTos: + return &tcp_types.Content{ + Action: &actions.SetFcTos{ + Expr: common.Expression{Expr: strings.Split(t.Expr+t.TosValue, " ")}, + Cond: t.Cond, + CondTest: t.CondTest, + }, + }, nil } case models.TCPResponseRuleTypeInspectDashDelay: if t.Timeout != nil { diff --git a/go.mod b/go.mod index 3c7e9ba8..eb5ee84f 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/google/go-cmp v0.6.0 github.com/google/renameio v1.0.1 github.com/google/uuid v1.6.0 - github.com/haproxytech/config-parser/v5 v5.1.1-0.20240221073837-5b782186def2 + github.com/haproxytech/config-parser/v5 v5.1.1-0.20240223102144-ffe6142ca8e4 github.com/json-iterator/go v1.1.12 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/mitchellh/mapstructure v1.5.0 diff --git a/go.sum b/go.sum index 976f11b1..a2051a6a 100644 --- a/go.sum +++ b/go.sum @@ -34,8 +34,8 @@ github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/haproxytech/config-parser/v5 v5.1.1-0.20240221073837-5b782186def2 h1:YXI/15X8xJPrnyO8brmiNaFhOD17Ib9nszHRrlEtuIw= -github.com/haproxytech/config-parser/v5 v5.1.1-0.20240221073837-5b782186def2/go.mod h1:iy8nBB1eopwYbyeh3FQpjxZUxfcIDyTV9bW0F1t+cVA= +github.com/haproxytech/config-parser/v5 v5.1.1-0.20240223102144-ffe6142ca8e4 h1:Iszl0fMqYG34rNmNskZVEoFvuN2RZ626y98kvmxqgaQ= +github.com/haproxytech/config-parser/v5 v5.1.1-0.20240223102144-ffe6142ca8e4/go.mod h1:iy8nBB1eopwYbyeh3FQpjxZUxfcIDyTV9bW0F1t+cVA= github.com/haproxytech/go-logger v1.1.0 h1:HgGtYaI1ApkvbQdsm7f9AzQQoxTB7w37criTflh7IQE= github.com/haproxytech/go-logger v1.1.0/go.mod h1:OekUd8HCb7ubxMplzHUPBTHNxZmddOWfOjWclZsqIeM= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= diff --git a/models/http_request_rule.go b/models/http_request_rule.go index 57d55688..305b7756 100644 --- a/models/http_request_rule.go +++ b/models/http_request_rule.go @@ -327,8 +327,8 @@ type HTTPRequestRule struct { // type // Required: true - // Enum: [add-acl add-header allow auth cache-use capture del-acl del-header del-map deny disable-l7-retry do-resolve early-hint lua normalize-uri redirect reject replace-header replace-path replace-pathq replace-uri replace-value return sc-add-gpc sc-inc-gpc sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-dst set-dst-port set-header set-log-level set-map set-mark set-method set-nice set-path set-pathq set-priority-class set-priority-offset set-query set-src set-src-port set-timeout set-tos set-uri set-var silent-drop strict-mode tarpit track-sc0 track-sc1 track-sc2 track-sc unset-var use-service wait-for-body wait-for-handshake set-bandwidth-limit] - // +kubebuilder:validation:Enum=add-acl;add-header;allow;auth;cache-use;capture;del-acl;del-header;del-map;deny;disable-l7-retry;do-resolve;early-hint;lua;normalize-uri;redirect;reject;replace-header;replace-path;replace-pathq;replace-uri;replace-value;return;sc-add-gpc;sc-inc-gpc;sc-inc-gpc0;sc-inc-gpc1;sc-set-gpt0;send-spoe-group;set-dst;set-dst-port;set-header;set-log-level;set-map;set-mark;set-method;set-nice;set-path;set-pathq;set-priority-class;set-priority-offset;set-query;set-src;set-src-port;set-timeout;set-tos;set-uri;set-var;silent-drop;strict-mode;tarpit;track-sc0;track-sc1;track-sc2;track-sc;unset-var;use-service;wait-for-body;wait-for-handshake;set-bandwidth-limit; + // Enum: [add-acl add-header allow auth cache-use capture del-acl del-header del-map deny disable-l7-retry do-resolve early-hint lua normalize-uri redirect reject replace-header replace-path replace-pathq replace-uri replace-value return sc-add-gpc sc-inc-gpc sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-bc-mark set-bc-tos set-dst set-dst-port set-fc-mark set-fc-tos set-header set-log-level set-map set-mark set-method set-nice set-path set-pathq set-priority-class set-priority-offset set-query set-src set-src-port set-timeout set-tos set-uri set-var silent-drop strict-mode tarpit track-sc0 track-sc1 track-sc2 track-sc unset-var use-service wait-for-body wait-for-handshake set-bandwidth-limit] + // +kubebuilder:validation:Enum=add-acl;add-header;allow;auth;cache-use;capture;del-acl;del-header;del-map;deny;disable-l7-retry;do-resolve;early-hint;lua;normalize-uri;redirect;reject;replace-header;replace-path;replace-pathq;replace-uri;replace-value;return;sc-add-gpc;sc-inc-gpc;sc-inc-gpc0;sc-inc-gpc1;sc-set-gpt0;send-spoe-group;set-bc-mark;set-bc-tos;set-dst;set-dst-port;set-fc-mark;set-fc-tos;set-header;set-log-level;set-map;set-mark;set-method;set-nice;set-path;set-pathq;set-priority-class;set-priority-offset;set-query;set-src;set-src-port;set-timeout;set-tos;set-uri;set-var;silent-drop;strict-mode;tarpit;track-sc0;track-sc1;track-sc2;track-sc;unset-var;use-service;wait-for-body;wait-for-handshake;set-bandwidth-limit; Type string `json:"type"` // uri fmt @@ -1386,7 +1386,7 @@ var httpRequestRuleTypeTypePropEnum []interface{} func init() { var res []string - if err := json.Unmarshal([]byte(`["add-acl","add-header","allow","auth","cache-use","capture","del-acl","del-header","del-map","deny","disable-l7-retry","do-resolve","early-hint","lua","normalize-uri","redirect","reject","replace-header","replace-path","replace-pathq","replace-uri","replace-value","return","sc-add-gpc","sc-inc-gpc","sc-inc-gpc0","sc-inc-gpc1","sc-set-gpt0","send-spoe-group","set-dst","set-dst-port","set-header","set-log-level","set-map","set-mark","set-method","set-nice","set-path","set-pathq","set-priority-class","set-priority-offset","set-query","set-src","set-src-port","set-timeout","set-tos","set-uri","set-var","silent-drop","strict-mode","tarpit","track-sc0","track-sc1","track-sc2","track-sc","unset-var","use-service","wait-for-body","wait-for-handshake","set-bandwidth-limit"]`), &res); err != nil { + if err := json.Unmarshal([]byte(`["add-acl","add-header","allow","auth","cache-use","capture","del-acl","del-header","del-map","deny","disable-l7-retry","do-resolve","early-hint","lua","normalize-uri","redirect","reject","replace-header","replace-path","replace-pathq","replace-uri","replace-value","return","sc-add-gpc","sc-inc-gpc","sc-inc-gpc0","sc-inc-gpc1","sc-set-gpt0","send-spoe-group","set-bc-mark","set-bc-tos","set-dst","set-dst-port","set-fc-mark","set-fc-tos","set-header","set-log-level","set-map","set-mark","set-method","set-nice","set-path","set-pathq","set-priority-class","set-priority-offset","set-query","set-src","set-src-port","set-timeout","set-tos","set-uri","set-var","silent-drop","strict-mode","tarpit","track-sc0","track-sc1","track-sc2","track-sc","unset-var","use-service","wait-for-body","wait-for-handshake","set-bandwidth-limit"]`), &res); err != nil { panic(err) } for _, v := range res { @@ -1483,12 +1483,24 @@ const ( // HTTPRequestRuleTypeSendDashSpoeDashGroup captures enum value "send-spoe-group" HTTPRequestRuleTypeSendDashSpoeDashGroup string = "send-spoe-group" + // HTTPRequestRuleTypeSetDashBcDashMark captures enum value "set-bc-mark" + HTTPRequestRuleTypeSetDashBcDashMark string = "set-bc-mark" + + // HTTPRequestRuleTypeSetDashBcDashTos captures enum value "set-bc-tos" + HTTPRequestRuleTypeSetDashBcDashTos string = "set-bc-tos" + // HTTPRequestRuleTypeSetDashDst captures enum value "set-dst" HTTPRequestRuleTypeSetDashDst string = "set-dst" // HTTPRequestRuleTypeSetDashDstDashPort captures enum value "set-dst-port" HTTPRequestRuleTypeSetDashDstDashPort string = "set-dst-port" + // HTTPRequestRuleTypeSetDashFcDashMark captures enum value "set-fc-mark" + HTTPRequestRuleTypeSetDashFcDashMark string = "set-fc-mark" + + // HTTPRequestRuleTypeSetDashFcDashTos captures enum value "set-fc-tos" + HTTPRequestRuleTypeSetDashFcDashTos string = "set-fc-tos" + // HTTPRequestRuleTypeSetDashHeader captures enum value "set-header" HTTPRequestRuleTypeSetDashHeader string = "set-header" diff --git a/models/http_response_rule.go b/models/http_response_rule.go index 736fd02f..830e98b9 100644 --- a/models/http_response_rule.go +++ b/models/http_response_rule.go @@ -89,6 +89,9 @@ type HTTPResponseRule struct { // +kubebuilder:validation:Minimum=200 DenyStatus *int64 `json:"deny_status,omitempty"` + // expr + Expr string `json:"expr,omitempty"` + // hdr format HdrFormat string `json:"hdr_format,omitempty"` @@ -276,8 +279,8 @@ type HTTPResponseRule struct { // type // Required: true - // Enum: [add-acl add-header allow cache-store capture del-acl del-header del-map deny lua redirect replace-header replace-value return sc-add-gpc sc-inc-gpc sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-header set-log-level set-map set-mark set-nice set-status set-timeout set-tos set-var set-var-fmt silent-drop strict-mode track-sc0 track-sc1 track-sc2 track-sc unset-var wait-for-body set-bandwidth-limit] - // +kubebuilder:validation:Enum=add-acl;add-header;allow;cache-store;capture;del-acl;del-header;del-map;deny;lua;redirect;replace-header;replace-value;return;sc-add-gpc;sc-inc-gpc;sc-inc-gpc0;sc-inc-gpc1;sc-set-gpt0;send-spoe-group;set-header;set-log-level;set-map;set-mark;set-nice;set-status;set-timeout;set-tos;set-var;set-var-fmt;silent-drop;strict-mode;track-sc0;track-sc1;track-sc2;track-sc;unset-var;wait-for-body;set-bandwidth-limit; + // Enum: [add-acl add-header allow cache-store capture del-acl del-header del-map deny lua redirect replace-header replace-value return sc-add-gpc sc-inc-gpc sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-fc-mark set-fc-tos set-header set-log-level set-map set-mark set-nice set-status set-timeout set-tos set-var set-var-fmt silent-drop strict-mode track-sc0 track-sc1 track-sc2 track-sc unset-var wait-for-body set-bandwidth-limit] + // +kubebuilder:validation:Enum=add-acl;add-header;allow;cache-store;capture;del-acl;del-header;del-map;deny;lua;redirect;replace-header;replace-value;return;sc-add-gpc;sc-inc-gpc;sc-inc-gpc0;sc-inc-gpc1;sc-set-gpt0;send-spoe-group;set-fc-mark;set-fc-tos;set-header;set-log-level;set-map;set-mark;set-nice;set-status;set-timeout;set-tos;set-var;set-var-fmt;silent-drop;strict-mode;track-sc0;track-sc1;track-sc2;track-sc;unset-var;wait-for-body;set-bandwidth-limit; Type string `json:"type"` // var expr @@ -1143,7 +1146,7 @@ var httpResponseRuleTypeTypePropEnum []interface{} func init() { var res []string - if err := json.Unmarshal([]byte(`["add-acl","add-header","allow","cache-store","capture","del-acl","del-header","del-map","deny","lua","redirect","replace-header","replace-value","return","sc-add-gpc","sc-inc-gpc","sc-inc-gpc0","sc-inc-gpc1","sc-set-gpt0","send-spoe-group","set-header","set-log-level","set-map","set-mark","set-nice","set-status","set-timeout","set-tos","set-var","set-var-fmt","silent-drop","strict-mode","track-sc0","track-sc1","track-sc2","track-sc","unset-var","wait-for-body","set-bandwidth-limit"]`), &res); err != nil { + if err := json.Unmarshal([]byte(`["add-acl","add-header","allow","cache-store","capture","del-acl","del-header","del-map","deny","lua","redirect","replace-header","replace-value","return","sc-add-gpc","sc-inc-gpc","sc-inc-gpc0","sc-inc-gpc1","sc-set-gpt0","send-spoe-group","set-fc-mark","set-fc-tos","set-header","set-log-level","set-map","set-mark","set-nice","set-status","set-timeout","set-tos","set-var","set-var-fmt","silent-drop","strict-mode","track-sc0","track-sc1","track-sc2","track-sc","unset-var","wait-for-body","set-bandwidth-limit"]`), &res); err != nil { panic(err) } for _, v := range res { @@ -1213,6 +1216,12 @@ const ( // HTTPResponseRuleTypeSendDashSpoeDashGroup captures enum value "send-spoe-group" HTTPResponseRuleTypeSendDashSpoeDashGroup string = "send-spoe-group" + // HTTPResponseRuleTypeSetDashFcDashMark captures enum value "set-fc-mark" + HTTPResponseRuleTypeSetDashFcDashMark string = "set-fc-mark" + + // HTTPResponseRuleTypeSetDashFcDashTos captures enum value "set-fc-tos" + HTTPResponseRuleTypeSetDashFcDashTos string = "set-fc-tos" + // HTTPResponseRuleTypeSetDashHeader captures enum value "set-header" HTTPResponseRuleTypeSetDashHeader string = "set-header" diff --git a/models/http_response_rule_compare.go b/models/http_response_rule_compare.go index 04d72d3d..cd7960cb 100644 --- a/models/http_response_rule_compare.go +++ b/models/http_response_rule_compare.go @@ -90,6 +90,10 @@ func (s HTTPResponseRule) Equal(t HTTPResponseRule, opts ...Options) bool { return false } + if s.Expr != t.Expr { + return false + } + if s.HdrFormat != t.HdrFormat { return false } @@ -366,6 +370,10 @@ func (s HTTPResponseRule) Diff(t HTTPResponseRule, opts ...Options) map[string][ diff["DenyStatus"] = []interface{}{ValueOrNil(s.DenyStatus), ValueOrNil(t.DenyStatus)} } + if s.Expr != t.Expr { + diff["Expr"] = []interface{}{s.Expr, t.Expr} + } + if s.HdrFormat != t.HdrFormat { diff["HdrFormat"] = []interface{}{s.HdrFormat, t.HdrFormat} } diff --git a/models/http_response_rule_compare_test.go b/models/http_response_rule_compare_test.go index 2421dc67..f1e9bdd7 100644 --- a/models/http_response_rule_compare_test.go +++ b/models/http_response_rule_compare_test.go @@ -195,7 +195,7 @@ func TestHTTPResponseRuleDiffFalse(t *testing.T) { for _, sample := range samples { result := sample.a.Diff(sample.b) - if len(result) != 61-1 { + if len(result) != 62-1 { json := jsoniter.ConfigCompatibleWithStandardLibrary a, err := json.Marshal(&sample.a) if err != nil { @@ -205,7 +205,7 @@ func TestHTTPResponseRuleDiffFalse(t *testing.T) { if err != nil { t.Errorf(err.Error()) } - t.Errorf("Expected HTTPResponseRule to be different in 61 cases, but it is not (%d) %s %s", len(result), a, b) + t.Errorf("Expected HTTPResponseRule to be different in 62 cases, but it is not (%d) %s %s", len(result), a, b) } } } diff --git a/models/tcp_request_rule.go b/models/tcp_request_rule.go index d0f6db77..1868984f 100644 --- a/models/tcp_request_rule.go +++ b/models/tcp_request_rule.go @@ -38,8 +38,8 @@ import ( // swagger:model tcp_request_rule type TCPRequestRule struct { // action - // Enum: [accept attach-srv capture do-resolve expect-netscaler-cip expect-proxy reject sc-add-gpc sc-inc-gpc sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-dst-port set-dst set-priority set-src set-var silent-drop track-sc0 track-sc1 track-sc2 track-sc unset-var use-service lua set-bandwidth-limit set-src-port set-mark set-tos set-var-fmt set-log-level set-nice switch-mode] - // +kubebuilder:validation:Enum=accept;attach-srv;capture;do-resolve;expect-netscaler-cip;expect-proxy;reject;sc-add-gpc;sc-inc-gpc;sc-inc-gpc0;sc-inc-gpc1;sc-set-gpt0;send-spoe-group;set-dst-port;set-dst;set-priority;set-src;set-var;silent-drop;track-sc0;track-sc1;track-sc2;track-sc;unset-var;use-service;lua;set-bandwidth-limit;set-src-port;set-mark;set-tos;set-var-fmt;set-log-level;set-nice;switch-mode; + // Enum: [accept attach-srv capture do-resolve expect-netscaler-cip expect-proxy reject sc-add-gpc sc-inc-gpc sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-dst-port set-dst set-priority set-src set-var silent-drop track-sc0 track-sc1 track-sc2 track-sc unset-var use-service lua set-bandwidth-limit set-src-port set-mark set-tos set-var-fmt set-log-level set-nice switch-mode set-bc-mark set-bc-tos set-fc-mark set-fc-tos] + // +kubebuilder:validation:Enum=accept;attach-srv;capture;do-resolve;expect-netscaler-cip;expect-proxy;reject;sc-add-gpc;sc-inc-gpc;sc-inc-gpc0;sc-inc-gpc1;sc-set-gpt0;send-spoe-group;set-dst-port;set-dst;set-priority;set-src;set-var;silent-drop;track-sc0;track-sc1;track-sc2;track-sc;unset-var;use-service;lua;set-bandwidth-limit;set-src-port;set-mark;set-tos;set-var-fmt;set-log-level;set-nice;switch-mode;set-bc-mark;set-bc-tos;set-fc-mark;set-fc-tos; Action string `json:"action,omitempty"` // bandwidth limit limit @@ -249,7 +249,7 @@ var tcpRequestRuleTypeActionPropEnum []interface{} func init() { var res []string - if err := json.Unmarshal([]byte(`["accept","attach-srv","capture","do-resolve","expect-netscaler-cip","expect-proxy","reject","sc-add-gpc","sc-inc-gpc","sc-inc-gpc0","sc-inc-gpc1","sc-set-gpt0","send-spoe-group","set-dst-port","set-dst","set-priority","set-src","set-var","silent-drop","track-sc0","track-sc1","track-sc2","track-sc","unset-var","use-service","lua","set-bandwidth-limit","set-src-port","set-mark","set-tos","set-var-fmt","set-log-level","set-nice","switch-mode"]`), &res); err != nil { + if err := json.Unmarshal([]byte(`["accept","attach-srv","capture","do-resolve","expect-netscaler-cip","expect-proxy","reject","sc-add-gpc","sc-inc-gpc","sc-inc-gpc0","sc-inc-gpc1","sc-set-gpt0","send-spoe-group","set-dst-port","set-dst","set-priority","set-src","set-var","silent-drop","track-sc0","track-sc1","track-sc2","track-sc","unset-var","use-service","lua","set-bandwidth-limit","set-src-port","set-mark","set-tos","set-var-fmt","set-log-level","set-nice","switch-mode","set-bc-mark","set-bc-tos","set-fc-mark","set-fc-tos"]`), &res); err != nil { panic(err) } for _, v := range res { @@ -360,6 +360,18 @@ const ( // TCPRequestRuleActionSwitchDashMode captures enum value "switch-mode" TCPRequestRuleActionSwitchDashMode string = "switch-mode" + + // TCPRequestRuleActionSetDashBcDashMark captures enum value "set-bc-mark" + TCPRequestRuleActionSetDashBcDashMark string = "set-bc-mark" + + // TCPRequestRuleActionSetDashBcDashTos captures enum value "set-bc-tos" + TCPRequestRuleActionSetDashBcDashTos string = "set-bc-tos" + + // TCPRequestRuleActionSetDashFcDashMark captures enum value "set-fc-mark" + TCPRequestRuleActionSetDashFcDashMark string = "set-fc-mark" + + // TCPRequestRuleActionSetDashFcDashTos captures enum value "set-fc-tos" + TCPRequestRuleActionSetDashFcDashTos string = "set-fc-tos" ) // prop value enum diff --git a/models/tcp_response_rule.go b/models/tcp_response_rule.go index 8aabd64a..dc2a8ecc 100644 --- a/models/tcp_response_rule.go +++ b/models/tcp_response_rule.go @@ -38,8 +38,8 @@ import ( // swagger:model tcp_response_rule type TCPResponseRule struct { // action - // Enum: [accept reject lua set-bandwidth-limit close sc-add-gpc sc-inc-gpc sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-log-level set-mark set-nice set-tos silent-drop unset-var] - // +kubebuilder:validation:Enum=accept;reject;lua;set-bandwidth-limit;close;sc-add-gpc;sc-inc-gpc;sc-inc-gpc0;sc-inc-gpc1;sc-set-gpt0;send-spoe-group;set-log-level;set-mark;set-nice;set-tos;silent-drop;unset-var; + // Enum: [accept reject lua set-bandwidth-limit close sc-add-gpc sc-inc-gpc sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-log-level set-mark set-nice set-tos set-fc-mark set-fc-tos silent-drop unset-var] + // +kubebuilder:validation:Enum=accept;reject;lua;set-bandwidth-limit;close;sc-add-gpc;sc-inc-gpc;sc-inc-gpc0;sc-inc-gpc1;sc-set-gpt0;send-spoe-group;set-log-level;set-mark;set-nice;set-tos;set-fc-mark;set-fc-tos;silent-drop;unset-var; Action string `json:"action,omitempty"` // bandwidth limit limit @@ -204,7 +204,7 @@ var tcpResponseRuleTypeActionPropEnum []interface{} func init() { var res []string - if err := json.Unmarshal([]byte(`["accept","reject","lua","set-bandwidth-limit","close","sc-add-gpc","sc-inc-gpc","sc-inc-gpc0","sc-inc-gpc1","sc-set-gpt0","send-spoe-group","set-log-level","set-mark","set-nice","set-tos","silent-drop","unset-var"]`), &res); err != nil { + if err := json.Unmarshal([]byte(`["accept","reject","lua","set-bandwidth-limit","close","sc-add-gpc","sc-inc-gpc","sc-inc-gpc0","sc-inc-gpc1","sc-set-gpt0","send-spoe-group","set-log-level","set-mark","set-nice","set-tos","set-fc-mark","set-fc-tos","silent-drop","unset-var"]`), &res); err != nil { panic(err) } for _, v := range res { @@ -259,6 +259,12 @@ const ( // TCPResponseRuleActionSetDashTos captures enum value "set-tos" TCPResponseRuleActionSetDashTos string = "set-tos" + // TCPResponseRuleActionSetDashFcDashMark captures enum value "set-fc-mark" + TCPResponseRuleActionSetDashFcDashMark string = "set-fc-mark" + + // TCPResponseRuleActionSetDashFcDashTos captures enum value "set-fc-tos" + TCPResponseRuleActionSetDashFcDashTos string = "set-fc-tos" + // TCPResponseRuleActionSilentDashDrop captures enum value "silent-drop" TCPResponseRuleActionSilentDashDrop string = "silent-drop" diff --git a/specification/build/haproxy_spec.yaml b/specification/build/haproxy_spec.yaml index 675c351b..48eb84c1 100644 --- a/specification/build/haproxy_spec.yaml +++ b/specification/build/haproxy_spec.yaml @@ -3818,8 +3818,12 @@ definitions: required: true value: - do-resolve + - set-bc-mark + - set-bc-tos - set-dst - set-dst-port + - set-fc-mark + - set-fc-tos - set-priority-class - set-priority-offset - set-src @@ -4334,8 +4338,12 @@ definitions: - sc-inc-gpc1 - sc-set-gpt0 - send-spoe-group + - set-bc-mark + - set-bc-tos - set-dst - set-dst-port + - set-fc-mark + - set-fc-tos - set-header - set-log-level - set-map @@ -4536,6 +4544,15 @@ definitions: type: value: deny x-nullable: true + expr: + type: string + x-dependency: + type: + required: true + value: + - set-fc-mark + - set-fc-tos + x-display-name: Standard HAProxy expression hdr_format: type: string x-dependency: @@ -4942,6 +4959,8 @@ definitions: - sc-inc-gpc1 - sc-set-gpt0 - send-spoe-group + - set-fc-mark + - set-fc-tos - set-header - set-log-level - set-map @@ -5677,6 +5696,10 @@ definitions: - set-log-level - set-nice - switch-mode + - set-bc-mark + - set-bc-tos + - set-fc-mark + - set-fc-tos type: string x-dependency: type: @@ -5776,6 +5799,10 @@ definitions: - set-dst - set-dst-port - set-src-port + - set-bc-mark + - set-bc-tos + - set-fc-mark + - set-fc-tos type: value: - session @@ -6156,6 +6183,8 @@ definitions: - set-mark - set-nice - set-tos + - set-fc-mark + - set-fc-tos - silent-drop - unset-var type: string @@ -6217,6 +6246,8 @@ definitions: value: - set-src-port - sc-set-gpt0 + - set-fc-mark + - set-fc-tos type: value: content x-display-name: Standard HAProxy expression diff --git a/specification/models/configuration/http/request.yaml b/specification/models/configuration/http/request.yaml index 1527f157..2b94e919 100644 --- a/specification/models/configuration/http/request.yaml +++ b/specification/models/configuration/http/request.yaml @@ -42,8 +42,12 @@ http_request_rule: - sc-inc-gpc1 - sc-set-gpt0 - send-spoe-group + - set-bc-mark + - set-bc-tos - set-dst - set-dst-port + - set-fc-mark + - set-fc-tos - set-header - set-log-level - set-map @@ -452,7 +456,7 @@ http_request_rule: x-display-name: Standard HAProxy expression x-dependency: type: - value: [do-resolve, set-dst, set-dst-port, set-priority-class, set-priority-offset, set-src, set-src-port] + value: [do-resolve, set-bc-mark, set-bc-tos, set-dst, set-dst-port, set-fc-mark, set-fc-tos, set-priority-class, set-priority-offset, set-src, set-src-port] required: true sc_expr: type: string diff --git a/specification/models/configuration/http/response.yaml b/specification/models/configuration/http/response.yaml index 715ef734..ea496c12 100644 --- a/specification/models/configuration/http/response.yaml +++ b/specification/models/configuration/http/response.yaml @@ -33,6 +33,8 @@ http_response_rule: - sc-inc-gpc1 - sc-set-gpt0 - send-spoe-group + - set-fc-mark + - set-fc-tos - set-header - set-log-level - set-map @@ -69,6 +71,13 @@ http_response_rule: type: value: capture required: true + expr: + type: string + x-display-name: Standard HAProxy expression + x-dependency: + type: + value: [set-fc-mark, set-fc-tos] + required: true redir_type: type: string x-display-name: Redirect Type diff --git a/specification/models/configuration/tcp/request.yaml b/specification/models/configuration/tcp/request.yaml index 5200f632..41572715 100644 --- a/specification/models/configuration/tcp/request.yaml +++ b/specification/models/configuration/tcp/request.yaml @@ -16,7 +16,7 @@ tcp_request_rule: x-nullable: false action: type: string - enum: [accept, attach-srv, capture, do-resolve, expect-netscaler-cip, expect-proxy, reject, sc-add-gpc, sc-inc-gpc, sc-inc-gpc0, sc-inc-gpc1, sc-set-gpt0, send-spoe-group, set-dst-port, set-dst, set-priority, set-src, set-var, silent-drop, track-sc0, track-sc1, track-sc2, track-sc, unset-var, use-service, lua, set-bandwidth-limit, set-src-port, set-mark, set-tos, set-var-fmt, set-log-level, set-nice, switch-mode] + enum: [accept, attach-srv, capture, do-resolve, expect-netscaler-cip, expect-proxy, reject, sc-add-gpc, sc-inc-gpc, sc-inc-gpc0, sc-inc-gpc1, sc-set-gpt0, send-spoe-group, set-dst-port, set-dst, set-priority, set-src, set-var, silent-drop, track-sc0, track-sc1, track-sc2, track-sc, unset-var, use-service, lua, set-bandwidth-limit, set-src-port, set-mark, set-tos, set-var-fmt, set-log-level, set-nice, switch-mode, set-bc-mark, set-bc-tos, set-fc-mark, set-fc-tos] x-nullable: false x-dependency: type: @@ -228,7 +228,7 @@ tcp_request_rule: x-display-name: Standard HAProxy expression x-dependency: action: - value: [do-resolve, set-var, set-src, set-priority, set-dst, set-dst-port, set-src-port] + value: [do-resolve, set-var, set-src, set-priority, set-dst, set-dst-port, set-src-port, set-bc-mark, set-bc-tos, set-fc-mark, set-fc-tos] required: true type: value: [session, connection, content] diff --git a/specification/models/configuration/tcp/response.yaml b/specification/models/configuration/tcp/response.yaml index 2246e95c..1640c2fa 100644 --- a/specification/models/configuration/tcp/response.yaml +++ b/specification/models/configuration/tcp/response.yaml @@ -16,7 +16,7 @@ tcp_response_rule: x-nullable: false action: type: string - enum: [accept, reject, lua, set-bandwidth-limit, close, sc-add-gpc, sc-inc-gpc, sc-inc-gpc0, sc-inc-gpc1, sc-set-gpt0, send-spoe-group, set-log-level, set-mark, set-nice, set-tos, silent-drop, unset-var] + enum: [accept, reject, lua, set-bandwidth-limit, close, sc-add-gpc, sc-inc-gpc, sc-inc-gpc0, sc-inc-gpc1, sc-set-gpt0, send-spoe-group, set-log-level, set-mark, set-nice, set-tos, set-fc-mark, set-fc-tos, silent-drop, unset-var] x-nullable: false x-dependency: type: @@ -76,7 +76,7 @@ tcp_response_rule: x-display-name: Standard HAProxy expression x-dependency: action: - value: [set-src-port, sc-set-gpt0] + value: [set-src-port, sc-set-gpt0, set-fc-mark, set-fc-tos] required: true type: value: content diff --git a/test/configuration_test.go b/test/configuration_test.go index c0d6ac83..aced8ec7 100644 --- a/test/configuration_test.go +++ b/test/configuration_test.go @@ -435,6 +435,10 @@ frontend test http-request track-sc1 src table tr1 if TRUE http-request track-sc2 src table tr2 if TRUE http-request track-sc5 src table test if TRUE + http-request set-bc-mark 123 if TRUE + http-request set-bc-tos 0x22 + http-request set-fc-mark hdr(port) + http-request set-fc-tos 255 if FALSE http-response allow if src 192.168.0.0/16 http-response set-header X-SSL %[ssl_fc] http-response set-var(req.my_var) req.fhdr(user-agent),lower @@ -520,6 +524,14 @@ frontend test tcp-request session attach-srv srv1 tcp-request session attach-srv srv2 name example.com tcp-request session attach-srv srv3 if is_cached + tcp-request connection set-fc-mark 0xffffffff + tcp-request connection set-fc-tos 0 + tcp-request session set-fc-mark 0 + tcp-request session set-fc-tos 0xff + tcp-request content set-bc-mark 899 if TRUE + tcp-request content set-bc-tos 2 if FALSE + tcp-request content set-fc-mark hdr(port) if TRUE + tcp-request content set-fc-tos req.hdr_cnt("X-Secret") log global no log log 127.0.0.1:514 local0 notice notice @@ -662,6 +674,8 @@ backend test tcp-response content set-tos 2 if FALSE tcp-response content silent-drop if FALSE tcp-response content unset-var(req.my_var) if FALSE + tcp-response content set-fc-mark 7676 if TRUE + tcp-response content set-fc-tos 0xab if FALSE option contstats timeout check 2s timeout tunnel 5s @@ -740,6 +754,8 @@ backend test http-send-name-header X-My-Awesome-Header persist rdp-cookie(name) source 192.168.1.222 usesrc hdr_ip(hdr,occ) + http-response set-fc-mark 123 + http-response set-fc-tos 1 if TRUE peers mycluster enabled diff --git a/test/expected/structured.json b/test/expected/structured.json index a8b836e8..95eb6560 100644 --- a/test/expected/structured.json +++ b/test/expected/structured.json @@ -845,6 +845,22 @@ "type": "content", "var_name": "my_var", "var_scope": "req" + }, + { + "action": "set-fc-mark", + "cond": "if", + "cond_test": "TRUE", + "index": 18, + "type": "content", + "expr": "7676" + }, + { + "action": "set-fc-tos", + "cond": "if", + "cond_test": "FALSE", + "index": 19, + "type": "content", + "expr": "0xab" } ], "waf_body_rule_list": [ @@ -1982,6 +1998,30 @@ "track_sc_stick_counter": 5, "track_sc_table": "test", "type": "track-sc" + }, + { + "index": 47, + "type": "set-bc-mark", + "expr": "123", + "cond": "if", + "cond_test": "TRUE" + }, + { + "index": 48, + "type": "set-bc-tos", + "expr": "0x22" + }, + { + "index": 49, + "type": "set-fc-mark", + "expr": "hdr(port)" + }, + { + "index": 50, + "type": "set-fc-tos", + "expr": "255", + "cond": "if", + "cond_test": "FALSE" } ], "http_response_rule_list": [ @@ -2538,6 +2578,60 @@ "index": 32, "server_name": "srv3", "type": "session" + }, + { + "action": "set-fc-mark", + "index": 33, + "type": "connection", + "expr": "0xffffffff" + }, + { + "action": "set-fc-tos", + "index": 34, + "type": "connection", + "expr": "0" + }, + { + "action": "set-fc-mark", + "index": 35, + "type": "session", + "expr": "0" + }, + { + "action": "set-fc-tos", + "index": 36, + "type": "session", + "expr": "0xff" + }, + { + "action": "set-bc-mark", + "index": 37, + "type": "content", + "expr": "899", + "cond": "if", + "cond_test": "TRUE" + }, + { + "action": "set-bc-tos", + "index": 38, + "type": "content", + "expr": "2", + "cond": "if", + "cond_test": "FALSE" + }, + { + "action": "set-fc-mark", + "index": 39, + "type": "content", + "expr": "hdr(port)", + "cond": "if", + "cond_test": "TRUE" + }, + { + "action": "set-fc-tos", + "index": 40, + "type": "content", + "expr": "req.hdr_cnt(\"X-Secret\")" } ], "binds": { diff --git a/test/http_request_rule_test.go b/test/http_request_rule_test.go index 331036d9..c476b67f 100644 --- a/test/http_request_rule_test.go +++ b/test/http_request_rule_test.go @@ -189,7 +189,8 @@ func TestCreateEditDeleteHTTPRequestRule(t *testing.T) { } // TestDeleteHTTPRequest - err = clientTest.DeleteHTTPRequestRule(47, configuration.FrontendParentName, "test", "", version) + N := int64(51) // number of http-request rules on frontend "test" + err = clientTest.DeleteHTTPRequestRule(N, configuration.FrontendParentName, "test", "", version) if err != nil { t.Error(err.Error()) } else { @@ -200,9 +201,9 @@ func TestCreateEditDeleteHTTPRequestRule(t *testing.T) { t.Error("Version not incremented") } - _, _, err = clientTest.GetHTTPRequestRule(47, "frontend", "test", "") + _, _, err = clientTest.GetHTTPRequestRule(N, "frontend", "test", "") if err == nil { - t.Error("DeleteHTTPRequestRule failed, HTTP Request Rule 47 still exists") + t.Errorf("DeleteHTTPRequestRule failed, HTTP Request Rule %d still exists", N) } err = clientTest.DeleteHTTPRequestRule(2, configuration.BackendParentName, "test_2", "", version) diff --git a/test/tcp_request_rule_test.go b/test/tcp_request_rule_test.go index 9d849bff..312a16a5 100644 --- a/test/tcp_request_rule_test.go +++ b/test/tcp_request_rule_test.go @@ -168,7 +168,8 @@ func TestCreateEditDeleteTCPRequestRule(t *testing.T) { } // TestDeleteTCPRequest - err = clientTest.DeleteTCPRequestRule(33, configuration.FrontendParentName, "test", "", version) + N := int64(41) // number of tcp-request rules in frontend "test" + err = clientTest.DeleteTCPRequestRule(N, configuration.FrontendParentName, "test", "", version) if err != nil { t.Error(err.Error()) } else { @@ -179,9 +180,9 @@ func TestCreateEditDeleteTCPRequestRule(t *testing.T) { t.Error("Version not incremented") } - _, _, err = clientTest.GetTCPRequestRule(33, configuration.FrontendParentName, "test", "") + _, _, err = clientTest.GetTCPRequestRule(N, configuration.FrontendParentName, "test", "") if err == nil { - t.Error("DeleteTCPRequestRule failed, TCP Request Rule 33 still exists") + t.Errorf("DeleteTCPRequestRule failed, TCP Request Rule %d still exists", N) } err = clientTest.DeleteTCPRequestRule(27, configuration.BackendParentName, "test_2", "", version) @@ -394,6 +395,24 @@ func TestSerializeTCPRequestRule(t *testing.T) { }, expectedResult: "session attach-srv srv8 unless limit_exceeded", }, + { + input: models.TCPRequestRule{ + Type: models.TCPRequestRuleTypeContent, + Action: models.TCPRequestRuleActionSetDashBcDashMark, + Expr: "0xffff", + Cond: "if", + CondTest: "TRUE", + }, + expectedResult: "content set-bc-mark 0xffff if TRUE", + }, + { + input: models.TCPRequestRule{ + Type: models.TCPRequestRuleTypeContent, + Action: models.TCPRequestRuleActionSetDashBcDashMark, + MarkValue: "123", + }, + expectedResult: "content set-bc-mark 123", + }, } for _, testCase := range testCases { diff --git a/test/tcp_response_rule_test.go b/test/tcp_response_rule_test.go index 633669ba..96f5f1b4 100644 --- a/test/tcp_response_rule_test.go +++ b/test/tcp_response_rule_test.go @@ -166,7 +166,8 @@ func TestCreateEditDeleteTCPResponseRule(t *testing.T) { } // TestDeleteTCPResponse - err = clientTest.DeleteTCPResponseRule(18, "test", "", version) + N := int64(20) // number of tcp-response rules in backend "test" + err = clientTest.DeleteTCPResponseRule(N, "test", "", version) if err != nil { t.Error(err.Error()) } else { @@ -177,9 +178,9 @@ func TestCreateEditDeleteTCPResponseRule(t *testing.T) { t.Error("Version not incremented") } - _, _, err = clientTest.GetTCPResponseRule(18, "test", "") + _, _, err = clientTest.GetTCPResponseRule(N, "test", "") if err == nil { - t.Error("DeleteTCPResponseRule failed, TCP Response Rule 17 still exists") + t.Errorf("DeleteTCPResponseRule failed, TCP Response Rule %d still exists", N) } err = clientTest.DeleteTCPResponseRule(18, "test_2", "", version)