diff --git a/.semaphoreci/golang.sh b/.semaphoreci/golang.sh new file mode 100755 index 000000000..ec24aac57 --- /dev/null +++ b/.semaphoreci/golang.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +set -e + +curl -O https://dl.google.com/go/go1.12.linux-amd64.tar.gz + +tar -xvf go1.12.linux-amd64.tar.gz +rm -rf go1.12.linux-amd64.tar.gz + +sudo mkdir -p /usr/local/golang/1.12/go +sudo mv go /usr/local/golang/1.12/ + +sudo rm /usr/local/bin/go +sudo chmod +x /usr/local/golang/1.12/go/bin/go +sudo ln -s /usr/local/golang/1.12/go/bin/go /usr/local/bin/go + +export GOROOT="/usr/local/golang/1.12/go" +export GOTOOLDIR="/usr/local/golang/1.12/go/pkg/tool/linux_amd64" + +go version diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 48fbf9146..278ef1c76 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,7 +13,7 @@ You need to run the `binary` target. This will create binaries for Linux platfor $ make binary docker build -t "traefik-dev:no-more-godep-ever" -f build.Dockerfile . Sending build context to Docker daemon 295.3 MB -Step 0 : FROM golang:1.11-alpine +Step 0 : FROM golang:1.12-alpine ---> 8c6473912976 Step 1 : RUN go get github.com/golang/dep/cmd/dep [...] diff --git a/Makefile b/Makefile index 336c5d54e..8a4904b89 100644 --- a/Makefile +++ b/Makefile @@ -76,7 +76,7 @@ test-integration: build ## run the integration tests TEST_HOST=1 ./script/make.sh test-integration validate: build ## validate code, vendor and autogen - $(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-gofmt validate-govet validate-golint validate-misspell validate-vendor validate-autogen + $(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-gofmt validate-golint validate-misspell validate-vendor validate-autogen build: dist docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile . diff --git a/build.Dockerfile b/build.Dockerfile index 23774dd0d..51e757f52 100644 --- a/build.Dockerfile +++ b/build.Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.11-alpine +FROM golang:1.12-alpine RUN apk --update upgrade \ && apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \ @@ -6,7 +6,6 @@ RUN apk --update upgrade \ && rm -rf /var/cache/apk/* RUN go get golang.org/x/lint/golint \ -&& go get github.com/kisielk/errcheck \ && go get github.com/client9/misspell/cmd/misspell # Which docker version to test on diff --git a/exp.Dockerfile b/exp.Dockerfile index af4fce14f..3b8801cf2 100644 --- a/exp.Dockerfile +++ b/exp.Dockerfile @@ -12,7 +12,7 @@ RUN yarn install RUN npm run build # BUILD -FROM golang:1.11-alpine as gobuild +FROM golang:1.12-alpine as gobuild RUN apk --update upgrade \ && apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \ diff --git a/middlewares/retry_test.go b/middlewares/retry_test.go index 30160be33..eaa58befc 100644 --- a/middlewares/retry_test.go +++ b/middlewares/retry_test.go @@ -5,6 +5,7 @@ import ( "net/http" "net/http/httptest" "net/http/httptrace" + "strconv" "strings" "testing" @@ -35,7 +36,7 @@ func TestRetry(t *testing.T) { desc: "no retry when max request attempts is one", maxRequestAttempts: 1, wantRetryAttempts: 0, - wantResponseStatus: http.StatusInternalServerError, + wantResponseStatus: http.StatusBadGateway, amountFaultyEndpoints: 1, }, { @@ -56,7 +57,7 @@ func TestRetry(t *testing.T) { desc: "max attempts exhausted delivers the 5xx response", maxRequestAttempts: 3, wantRetryAttempts: 2, - wantResponseStatus: http.StatusInternalServerError, + wantResponseStatus: http.StatusBadGateway, amountFaultyEndpoints: 3, }, } @@ -82,17 +83,18 @@ func TestRetry(t *testing.T) { t.Fatalf("Error creating load balancer: %s", err) } - basePort := 33444 + // out of range port + basePort := 1133444 for i := 0; i < test.amountFaultyEndpoints; i++ { // 192.0.2.0 is a non-routable IP for testing purposes. // See: https://stackoverflow.com/questions/528538/non-routable-ip-address/18436928#18436928 // We only use the port specification here because the URL is used as identifier // in the load balancer and using the exact same URL would not add a new server. - loadBalancer.UpsertServer(testhelpers.MustParseURL("http://192.0.2.0:" + string(basePort+i))) + _ = loadBalancer.UpsertServer(testhelpers.MustParseURL("http://192.0.2.0:" + strconv.Itoa(basePort+i))) } // add the functioning server to the end of the load balancer list - loadBalancer.UpsertServer(testhelpers.MustParseURL(backendServer.URL)) + _ = loadBalancer.UpsertServer(testhelpers.MustParseURL(backendServer.URL)) retryListener := &countingRetryListener{} retry := NewRetry(test.maxRequestAttempts, loadBalancer, retryListener) @@ -154,17 +156,18 @@ func TestRetryWebsocket(t *testing.T) { t.Fatalf("Error creating load balancer: %s", err) } - basePort := 33444 + // out of range port + basePort := 1133444 for i := 0; i < test.amountFaultyEndpoints; i++ { // 192.0.2.0 is a non-routable IP for testing purposes. // See: https://stackoverflow.com/questions/528538/non-routable-ip-address/18436928#18436928 // We only use the port specification here because the URL is used as identifier // in the load balancer and using the exact same URL would not add a new server. - loadBalancer.UpsertServer(testhelpers.MustParseURL("http://192.0.2.0:" + string(basePort+i))) + _ = loadBalancer.UpsertServer(testhelpers.MustParseURL("http://192.0.2.0:" + strconv.Itoa(basePort+i))) } // add the functioning server to the end of the load balancer list - loadBalancer.UpsertServer(testhelpers.MustParseURL(backendServer.URL)) + _ = loadBalancer.UpsertServer(testhelpers.MustParseURL(backendServer.URL)) retryListener := &countingRetryListener{} retry := NewRetry(test.maxRequestAttempts, loadBalancer, retryListener) diff --git a/script/.validate b/script/.validate index 42b4cc70c..c56946b52 100644 --- a/script/.validate +++ b/script/.validate @@ -5,7 +5,7 @@ if [ -z "${VALIDATE_UPSTREAM:-}" ]; then # are running more than one validate bundlescript VALIDATE_REPO='https://github.com/containous/traefik.git' - VALIDATE_BRANCH='master' + VALIDATE_BRANCH='v1.7' # Should not be needed for now O:) # if [ "$TRAVIS" = 'true' -a "$TRAVIS_PULL_REQUEST" != 'false' ]; then diff --git a/script/make.sh b/script/make.sh index 7c8ca397f..580dab74f 100755 --- a/script/make.sh +++ b/script/make.sh @@ -3,9 +3,8 @@ set -e # List of bundles to create when no argument is passed DEFAULT_BUNDLES=( - validate-gofmt - validate-govet generate + validate-gofmt binary test-unit diff --git a/script/validate-errcheck b/script/validate-errcheck deleted file mode 100755 index f7cefc61c..000000000 --- a/script/validate-errcheck +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash - -source "$(dirname "$BASH_SOURCE")/.validate" - -IFS=$'\n' -files=( $(validate_diff --diff-filter=ACMR --name-only -- '*.go' | grep -v '^vendor/' || true) ) -unset IFS - -errors=() -failedErrcheck=$(errcheck .) -if [ "$failedErrcheck" ]; then - errors+=( "$failedErrcheck" ) -fi - -if [ ${#errors[@]} -eq 0 ]; then - echo 'Congratulations! All Go source files have been errchecked.' -else - { - echo "Errors from errcheck:" - for err in "${errors[@]}"; do - echo "$err" - done - echo - echo 'Please fix the above errors. You can test via "errcheck" and commit the result.' - echo - } >&2 - false -fi diff --git a/script/validate-govet b/script/validate-govet deleted file mode 100755 index 6d526ad74..000000000 --- a/script/validate-govet +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -source "$(dirname "$BASH_SOURCE")/.validate" - -IFS=$'\n' -files=( $(validate_diff --diff-filter=ACMR --name-only -- '*.go' | grep -v '^vendor/' || true) ) -unset IFS - -errors=() -for f in "${files[@]}"; do - # we use "git show" here to validate that what's committed passes go vet - failedVet=$(go tool vet -printf=false "$f") - if [ "$failedVet" ]; then - errors+=( "$failedVet" ) - fi -done - -if [ ${#errors[@]} -eq 0 ]; then - echo 'Congratulations! All Go source files have been vetted.' -else - { - echo "Errors from govet:" - for err in "${errors[@]}"; do - echo "$err" - done - echo - echo 'Please fix the above errors. You can test via "go vet" and commit the result.' - echo - } >&2 - false -fi diff --git a/tls/certificate.go b/tls/certificate.go index b48f928c3..908043d7e 100644 --- a/tls/certificate.go +++ b/tls/certificate.go @@ -16,36 +16,41 @@ import ( var ( // MinVersion Map of allowed TLS minimum versions MinVersion = map[string]uint16{ - `VersionTLS10`: tls.VersionTLS10, - `VersionTLS11`: tls.VersionTLS11, - `VersionTLS12`: tls.VersionTLS12, + "VersionTLS10": tls.VersionTLS10, + "VersionTLS11": tls.VersionTLS11, + "VersionTLS12": tls.VersionTLS12, + "VersionTLS13": tls.VersionTLS13, } // CipherSuites Map of TLS CipherSuites from crypto/tls // Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants CipherSuites = map[string]uint16{ - `TLS_RSA_WITH_RC4_128_SHA`: tls.TLS_RSA_WITH_RC4_128_SHA, - `TLS_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, - `TLS_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_RSA_WITH_AES_128_CBC_SHA, - `TLS_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_RSA_WITH_AES_256_CBC_SHA, - `TLS_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_RSA_WITH_AES_128_CBC_SHA256, - `TLS_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_RSA_WITH_AES_128_GCM_SHA256, - `TLS_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_RSA_WITH_AES_256_GCM_SHA384, - `TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - `TLS_ECDHE_RSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, - `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, - `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + "TLS_RSA_WITH_RC4_128_SHA": tls.TLS_RSA_WITH_RC4_128_SHA, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_RSA_WITH_AES_128_CBC_SHA": tls.TLS_RSA_WITH_AES_128_CBC_SHA, + "TLS_RSA_WITH_AES_256_CBC_SHA": tls.TLS_RSA_WITH_AES_256_CBC_SHA, + "TLS_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_RSA_WITH_AES_128_CBC_SHA256, + "TLS_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256, + "TLS_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA": tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_RSA_WITH_RC4_128_SHA": tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, + "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + "TLS_AES_128_GCM_SHA256": tls.TLS_AES_128_GCM_SHA256, + "TLS_AES_256_GCM_SHA384": tls.TLS_AES_256_GCM_SHA384, + "TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256, + "TLS_FALLBACK_SCSV": tls.TLS_FALLBACK_SCSV, } )