Merge pull request #127 from lucaslorentz/126-skip-network-validation

Allow skip network validation

Author: lucaslorentz

README.md

@@ -287,7 +287,9 @@ This plugin provides these flags:
 -docker-polling-interval duration
       Interval caddy should manually check docker for a new caddyfile (default 30s)
 -proxy-service-tasks
-      Proxy to service tasks instead of VIP
+      Proxy to service tasks instead of VIP (default false)
+-docker-validate-network
+      Validates if caddy container and target are in same network (default true)
 ```
 
 Those flags can also be set via environment variables:
@@ -297,6 +299,7 @@ CADDY_DOCKER_LABEL_PREFIX=<string>
 CADDY_DOCKER_CADDYFILE_PATH=<string>
 CADDY_DOCKER_POLLING_INTERVAL=<duration>
 CADDY_DOCKER_PROXY_SERVICE_TASKS=<bool>
+CADDY_DOCKER_VALIDATE_NETWORK=<bool>
 ```
 
 ## Caddy Telemetry

plugin/generator.go

@@ -28,6 +28,7 @@ type CaddyfileGenerator struct {
 	labelPrefix          string
 	labelRegex           *regexp.Regexp
 	proxyServiceTasks    bool
+	validateNetwork      bool
 	dockerClient         DockerClient
 	dockerUtils          DockerUtils
 	caddyNetworks        map[string]bool
@@ -41,18 +42,21 @@ var suffixRegex = regexp.MustCompile("_\\d+$")
 var labelPrefixFlag string
 var caddyFilePath string
 var proxyServiceTasksFlag bool
+var validateNetworkFlag bool
 
 func init() {
 	flag.StringVar(&labelPrefixFlag, "docker-label-prefix", defaultLabelPrefix, "Prefix for Docker labels")
 	flag.StringVar(&caddyFilePath, "docker-caddyfile-path", "", "Path to a default CaddyFile")
 	flag.BoolVar(&proxyServiceTasksFlag, "proxy-service-tasks", false, "Proxy to service tasks instead of VIP")
+	flag.BoolVar(&validateNetworkFlag, "docker-validate-network", true, "Validates if caddy container and target are in same network")
 }
 
 // GeneratorOptions are the options for generator
 type GeneratorOptions struct {
 	caddyFilePath     string
 	labelPrefix       string
 	proxyServiceTasks bool
+	validateNetwork   bool
 }
 
 // GetGeneratorOptions creates generator options from cli flags and environment variables
@@ -77,6 +81,12 @@ func GetGeneratorOptions() *GeneratorOptions {
 		options.proxyServiceTasks = proxyServiceTasksFlag
 	}
 
+	if validateNetworkEnv := os.Getenv("CADDY_DOCKER_VALIDATE_NETWORK"); validateNetworkEnv != "" {
+		options.validateNetwork = isTrue.MatchString(validateNetworkEnv)
+	} else {
+		options.validateNetwork = validateNetworkFlag
+	}
+
 	return &options
 }
 
@@ -91,6 +101,7 @@ func CreateGenerator(dockerClient DockerClient, dockerUtils DockerUtils, options
 		labelPrefix:       options.labelPrefix,
 		labelRegex:        regexp.MustCompile(labelRegexString),
 		proxyServiceTasks: options.proxyServiceTasks,
+		validateNetwork:   options.validateNetwork,
 	}
 }
 
@@ -99,7 +110,7 @@ func (g *CaddyfileGenerator) GenerateCaddyFile() ([]byte, string) {
 	var caddyfileBuffer bytes.Buffer
 	var logsBuffer bytes.Buffer
 
-	if g.caddyNetworks == nil {
+	if g.validateNetwork && g.caddyNetworks == nil {
 		networks, err := g.getCaddyNetworks()
 		if err == nil {
 			g.caddyNetworks = map[string]bool{}
@@ -266,6 +277,13 @@ func (g *CaddyfileGenerator) getContainerDirectives(container *types.Container)
 }
 
 func (g *CaddyfileGenerator) getContainerIPAddress(container *types.Container) (string, error) {
+	if !g.validateNetwork {
+		for _, network := range container.NetworkSettings.Networks {
+			return network.IPAddress, nil
+		}
+		return "", fmt.Errorf("Container %v doesn't have any network", container.ID)
+	}
+
 	for _, network := range container.NetworkSettings.Networks {
 		if _, isCaddyNetwork := g.caddyNetworks[network.NetworkID]; isCaddyNetwork {
 			return network.IPAddress, nil
@@ -294,6 +312,13 @@ func (g *CaddyfileGenerator) getServiceProxyTarget(service *swarm.Service) (stri
 }
 
 func (g *CaddyfileGenerator) getServiceIPAddress(service *swarm.Service) (string, error) {
+	if !g.validateNetwork {
+		for _, virtualIP := range service.Endpoint.VirtualIPs {
+			return virtualIP.Addr, nil
+		}
+		return "", fmt.Errorf("Service %v doesn't have any virtual IP", service.ID)
+	}
+
 	for _, virtualIP := range service.Endpoint.VirtualIPs {
 		if _, isCaddyNetwork := g.caddyNetworks[virtualIP.NetworkID]; isCaddyNetwork {
 			return virtualIP.Addr, nil

plugin/generator_test.go

@@ -52,7 +52,7 @@ func TestAddContainerWithTemplates(t *testing.T) {
 		"  proxy / 172.17.0.2:5000/api\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddContainerPicksRightNetwork(t *testing.T) {
@@ -81,7 +81,7 @@ func TestAddContainerPicksRightNetwork(t *testing.T) {
 		"  proxy / 172.17.0.2\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddContainerWithMinimumBasicLabels(t *testing.T) {
@@ -106,7 +106,7 @@ func TestAddContainerWithMinimumBasicLabels(t *testing.T) {
 		"  proxy / 172.17.0.2\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddContainerWithAllBasicLabels(t *testing.T) {
@@ -134,7 +134,7 @@ func TestAddContainerWithAllBasicLabels(t *testing.T) {
 		"  proxy / https://172.17.0.2:5000/api\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddContainerFromDifferentNetwork(t *testing.T) {
@@ -161,7 +161,35 @@ func TestAddContainerFromDifferentNetwork(t *testing.T) {
 	const expectedLogs = skipCaddyfileText +
 		"[ERROR] Container CONTAINER-ID and caddy are not in same network\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, expectedLogs)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, expectedLogs)
+}
+
+func TestAddContainerFromDifferentNetworkSkipValidation(t *testing.T) {
+	dockerClient := createBasicDockerClientMock()
+	dockerClient.ContainersData = []types.Container{
+		types.Container{
+			ID: "CONTAINER-ID",
+			NetworkSettings: &types.SummaryNetworkSettings{
+				Networks: map[string]*network.EndpointSettings{
+					"other-network": &network.EndpointSettings{
+						IPAddress: "10.0.0.1",
+						NetworkID: "other-network-id",
+					},
+				},
+			},
+			Labels: map[string]string{
+				fmtLabel("%s.address"): "service.testdomain.com",
+			},
+		},
+	}
+
+	const expectedCaddyfile = "service.testdomain.com {\n" +
+		"  proxy / 10.0.0.1\n" +
+		"}\n"
+
+	const expectedLogs = skipCaddyfileText
+
+	testGeneration(t, dockerClient, false, false, expectedCaddyfile, expectedLogs)
 }
 
 func TestAddContainerWithMultipleConfigs(t *testing.T) {
@@ -201,7 +229,7 @@ func TestAddContainerWithMultipleConfigs(t *testing.T) {
 		"  }\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddContainerWithReplicas(t *testing.T) {
@@ -239,7 +267,7 @@ func TestAddContainerWithReplicas(t *testing.T) {
 		"  proxy / 172.17.0.2 172.17.0.3\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestDoNotMergeProxiesWithDifferentLabelKey(t *testing.T) {
@@ -280,7 +308,7 @@ func TestDoNotMergeProxiesWithDifferentLabelKey(t *testing.T) {
 		"  proxy /b service-b\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddContainersWithSnippets(t *testing.T) {
@@ -329,7 +357,7 @@ func TestAddContainersWithSnippets(t *testing.T) {
 		"  proxy / 172.17.0.3\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddServiceWithTemplates(t *testing.T) {
@@ -386,7 +414,7 @@ func TestAddServiceWithTemplates(t *testing.T) {
 		"  }\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestUseTemplatesToGenerateEmptyValues(t *testing.T) {
@@ -423,7 +451,7 @@ func TestUseTemplatesToGenerateEmptyValues(t *testing.T) {
 		"  }\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddServiceWithMinimumBasicLabels(t *testing.T) {
@@ -452,7 +480,7 @@ func TestAddServiceWithMinimumBasicLabels(t *testing.T) {
 		"  proxy / service\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddServiceWithAllBasicLabels(t *testing.T) {
@@ -484,7 +512,7 @@ func TestAddServiceWithAllBasicLabels(t *testing.T) {
 		"  proxy / https://service:5000/api\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddServiceWithMultipleConfigs(t *testing.T) {
@@ -537,7 +565,7 @@ func TestAddServiceWithMultipleConfigs(t *testing.T) {
 		"  }\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddServiceProxyServiceTasks(t *testing.T) {
@@ -567,7 +595,7 @@ func TestAddServiceProxyServiceTasks(t *testing.T) {
 		"  proxy / tasks.service:5000\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, true, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, true, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddServiceMultipleAddresses(t *testing.T) {
@@ -596,7 +624,7 @@ func TestAddServiceMultipleAddresses(t *testing.T) {
 		"  proxy / service\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAutomaticProxyDoesntOverrideCustomWithSameKey(t *testing.T) {
@@ -628,7 +656,7 @@ func TestAutomaticProxyDoesntOverrideCustomWithSameKey(t *testing.T) {
 		"  proxy /api external-api\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestAddServiceFromDifferentNetwork(t *testing.T) {
@@ -659,7 +687,39 @@ func TestAddServiceFromDifferentNetwork(t *testing.T) {
 	const expectedLogs = skipCaddyfileText +
 		"[ERROR] Service SERVICE-ID and caddy are not in same network\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, expectedLogs)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, expectedLogs)
+}
+
+func TestAddServiceFromDifferentNetworkSkipValidation(t *testing.T) {
+	dockerClient := createBasicDockerClientMock()
+	dockerClient.ServicesData = []swarm.Service{
+		swarm.Service{
+			ID: "SERVICE-ID",
+			Spec: swarm.ServiceSpec{
+				Annotations: swarm.Annotations{
+					Name: "service",
+					Labels: map[string]string{
+						fmtLabel("%s.address"): "service.testdomain.com",
+					},
+				},
+			},
+			Endpoint: swarm.Endpoint{
+				VirtualIPs: []swarm.EndpointVirtualIP{
+					swarm.EndpointVirtualIP{
+						NetworkID: "other-network-id",
+					},
+				},
+			},
+		},
+	}
+
+	const expectedCaddyfile = "service.testdomain.com {\n" +
+		"  proxy / service\n" +
+		"}\n"
+
+	const expectedLogs = skipCaddyfileText
+
+	testGeneration(t, dockerClient, false, false, expectedCaddyfile, expectedLogs)
 }
 
 func TestAddServiceSwarmDisable(t *testing.T) {
@@ -696,7 +756,7 @@ func TestAddServiceSwarmDisable(t *testing.T) {
 		"[INFO] Skipping services because swarm is not available\n" +
 		"[INFO] Skipping configs because swarm is not available\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, expectedLogs)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, expectedLogs)
 }
 
 func TestAddDockerConfigContent(t *testing.T) {
@@ -723,7 +783,7 @@ func TestAddDockerConfigContent(t *testing.T) {
 		"  tls off+\n" +
 		"}\n"
 
-	testGeneration(t, dockerClient, false, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, false, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func TestIgnoreLabelsWithoutCaddyPrefix(t *testing.T) {
@@ -753,13 +813,14 @@ func TestIgnoreLabelsWithoutCaddyPrefix(t *testing.T) {
 
 	const expectedCaddyfile = ""
 
-	testGeneration(t, dockerClient, true, expectedCaddyfile, skipCaddyfileText)
+	testGeneration(t, dockerClient, true, true, expectedCaddyfile, skipCaddyfileText)
 }
 
 func testGeneration(
 	t *testing.T,
 	dockerClient DockerClient,
 	proxyServiceTasks bool,
+	validateNetwork bool,
 	expectedCaddyfile string,
 	expectedLogs string,
 ) {
@@ -768,6 +829,7 @@ func testGeneration(
 	generator := CreateGenerator(dockerClient, dockerUtils, &GeneratorOptions{
 		labelPrefix:       defaultLabelPrefix,
 		proxyServiceTasks: proxyServiceTasks,
+		validateNetwork:   validateNetwork,
 	})
 
 	caddyfileBytes, logs := generator.GenerateCaddyFile()

plugin/go.mod

@@ -13,5 +13,6 @@ require (
 	github.com/gogo/protobuf v1.2.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0-rc1 // indirect
 	github.com/opencontainers/image-spec v1.0.1 // indirect
+	github.com/stretchr/testify v1.3.0
 	google.golang.org/grpc v1.23.0 // indirect
 )