Merge refactor

nginxinc · Sep 9, 2024 · a7618ac · a7618ac
2 parents 1f22cac + 5a319da
commit a7618ac
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 53 deletions.
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -17,11 +17,11 @@ FROM ghcr.io/nginxinc/dependencies/nginx-ubi-ppc64le:nginx-1.27.1@sha256:0bab61e
 FROM ghcr.io/nginxinc/alpine-fips:0.2.2-alpine3.17@sha256:0dcd9149b66a6b35c1253b7662c8ed7ef0e0172ceae893a82058c30668799bf2 AS alpine-fips-3.17
 FROM ghcr.io/nginxinc/alpine-fips:0.2.2-alpine3.20@sha256:0ddcfb906a5dc931336db5ba6e0d09d5f77cc48c67e3781aba66a0a27dc14605 AS alpine-fips-3.20
 FROM redhat/ubi9-minimal@sha256:f182b500ff167918ca1010595311cf162464f3aa1cab755383d38be61b4d30aa AS ubi-minimal
-FROM golang:1.22-alpine@sha256:c02e4518720baaa7657c2b3845452778cf83cf828accf2b5c7afef31ccb8073a AS golang-builder
+FROM golang:1.22-alpine@sha256:48eab5e3505d8c8b42a06fe5f1cf4c346c167cc6a89e772f31cb9e5c301dcf60 AS golang-builder
 
 
 ############################################# Base image for Alpine #############################################
-FROM nginx:1.27.1-alpine@sha256:c04c18adc2a407740a397c8407c011fc6c90026a9b65cceddef7ae5484360158 AS alpine
+FROM nginx:1.27.1-alpine@sha256:a5127daff3d6f4606be3100a252419bfa84fd6ee5cd74d0feaca1a5068f97dcf AS alpine
 
 RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
 	apk add --no-cache libcap libstdc++ \
@@ -102,7 +102,7 @@ USER 101
 
 
 ############################################# Base image for Alpine with NGINX Plus #############################################
-FROM alpine:3.20@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 AS alpine-plus
+FROM alpine:3.20@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d AS alpine-plus
 ARG NGINX_PLUS_VERSION
 ARG PACKAGE_REPO
 
@@ -135,7 +135,7 @@ RUN --mount=type=bind,from=alpine-fips-3.20,target=/tmp/fips/ \
 
 
 ############################################# Base image for Alpine with NGINX Plus, App Protect WAF and FIPS #############################################
-FROM alpine:3.17@sha256:ef813b2faa3dd1a37f9ef6ca98347b72cd0f55e4ab29fb90946f1b853bf032d9 AS alpine-plus-nap-fips
+FROM alpine:3.17@sha256:3451da08fc6ef554a100da3e2df5ac6d598c82f2a774d5f6ed465c3d80cd163a AS alpine-plus-nap-fips
 ARG NGINX_PLUS_VERSION
 ARG NGINX_AGENT
 ARG NGINX_PLUS_VERSION
@@ -172,7 +172,7 @@ RUN --mount=type=bind,from=alpine-fips-3.17,target=/tmp/fips/ \
 
 
 ############################################# Base image for Alpine with NGINX Plus, App Protect WAFv5 and FIPS #############################################
-FROM alpine:3.17@sha256:ef813b2faa3dd1a37f9ef6ca98347b72cd0f55e4ab29fb90946f1b853bf032d9 AS alpine-plus-nap-v5-fips
+FROM alpine:3.17@sha256:3451da08fc6ef554a100da3e2df5ac6d598c82f2a774d5f6ed465c3d80cd163a AS alpine-plus-nap-v5-fips
 ARG NGINX_PLUS_VERSION
 ARG NGINX_AGENT
 ARG NGINX_PLUS_VERSION

diff --git a/internal/configs/version2/template_helper.go b/internal/configs/version2/template_helper.go
@@ -23,6 +23,15 @@ const (
 	ipv6
 )
 
+type listen struct {
+	ipAddress     string
+	port          string
+	tls           bool
+	proxyProtocol bool
+	udp           bool
+	ipType        ipType
+}
+
 const spacing = "    "
 
 func headerListToCIMap(headers []Header) map[string]string {
@@ -69,85 +78,92 @@ func buildListenerDirectives(listenerType protocol, s Server, port string) strin
 	var directives string
 
 	if listenerType == http {
-		directives += buildListenDirective(s.HTTPIPv4, port, s.ProxyProtocol, ipv4)
+		directives += buildListenDirective(listen{
+			ipAddress:     s.HTTPIPv4,
+			port:          port,
+			tls:           false,
+			proxyProtocol: s.ProxyProtocol,
+			udp:           false,
+			ipType:        ipv4,
+		})
 		if !s.DisableIPV6 {
 			directives += spacing
-			directives += buildListenDirective(s.HTTPIPv6, port, s.ProxyProtocol, ipv6)
+			directives += buildListenDirective(listen{
+				ipAddress:     s.HTTPIPv6,
+				port:          port,
+				tls:           false,
+				proxyProtocol: s.ProxyProtocol,
+				udp:           false,
+				ipType:        ipv6,
+			})
 		}
 	} else {
-		directives += buildListenDirective(s.HTTPSIPv4, port, s.ProxyProtocol, ipv4)
+		directives += buildListenDirective(listen{
+			ipAddress:     s.HTTPSIPv4,
+			port:          port,
+			tls:           true,
+			proxyProtocol: s.ProxyProtocol,
+			udp:           false,
+			ipType:        ipv4,
+		})
 		if !s.DisableIPV6 {
 			directives += spacing
-			directives += buildListenDirective(s.HTTPSIPv6, port, s.ProxyProtocol, ipv6)
+			directives += buildListenDirective(listen{
+				ipAddress:     s.HTTPSIPv6,
+				port:          port,
+				tls:           true,
+				proxyProtocol: s.ProxyProtocol,
+				udp:           false,
+				ipType:        ipv6,
+			})
 		}
 	}
 
 	return directives
 }
 
 func getDefaultPort(listenerType protocol) string {
-	if listenerType == http {
-		return "80"
+	s := Server{
+		HTTPPort:  80,
+		HTTPSPort: 443,
 	}
-	return "443 ssl"
+
+	return getCustomPort(listenerType, s)
 }
 
 func getCustomPort(listenerType protocol, s Server) string {
 	if listenerType == http {
 		return strconv.Itoa(s.HTTPPort)
 	}
-	return strconv.Itoa(s.HTTPSPort) + " ssl"
+	return strconv.Itoa(s.HTTPSPort)
 }
 
-func buildListenDirective(ip string, port string, proxyProtocol bool, ipType ipType) string {
+func buildListenDirective(l listen) string {
 	base := "listen"
 	var directive string
 
-	if ipType == ipv6 {
-		if ip != "" {
-			directive = fmt.Sprintf("%s [%s]:%s", base, ip, port)
-		} else {
-			directive = fmt.Sprintf("%s [::]:%s", base, port)
-		}
-	} else {
-		if ip != "" {
-			directive = fmt.Sprintf("%s %s:%s", base, ip, port)
-		} else {
-			directive = fmt.Sprintf("%s %s", base, port)
+	if l.ipType == ipv6 {
+		if l.ipAddress == "" {
+			l.ipAddress = "::"
 		}
+		l.ipAddress = fmt.Sprintf("[%s]", l.ipAddress)
 	}
 
-	if proxyProtocol {
-		directive += " proxy_protocol"
-	}
-
-	directive += ";\n"
-	return directive
-}
-
-func buildTransportListenDirective(ipType ipType, port string, ssl *StreamSSL, udp bool, ip string) string {
-	base := "listen"
-	var directive string
-
-	if ipType == ipv6 {
-		if ip != "" {
-			directive = fmt.Sprintf("%s [%s]:%s", base, ip, port)
-		} else {
-			directive = fmt.Sprintf("%s [::]:%s", base, port)
-		}
+	if l.ipAddress != "" {
+		directive = fmt.Sprintf("%s %s:%s", base, l.ipAddress, l.port)
 	} else {
-		if ip != "" {
-			directive = fmt.Sprintf("%s %s:%s", base, ip, port)
-		} else {
-			directive = fmt.Sprintf("%s %s", base, port)
-		}
+		directive = fmt.Sprintf("%s %s", base, l.port)
 	}
 
-	if ssl.Enabled {
+	if l.tls {
 		directive += " ssl"
 	}
 
-	if udp {
+	if l.proxyProtocol {
+		directive += " proxy_protocol"
+	}
+
+	if l.udp {
 		directive += " udp"
 	}
 
@@ -167,11 +183,25 @@ func makeTransportListener(s StreamServer) string {
 	var directives string
 	port := strconv.Itoa(s.Port)
 
-	directives += buildTransportListenDirective(ipv4, port, s.SSL, s.UDP, s.IPv4)
+	directives += buildListenDirective(listen{
+		ipAddress:     s.IPv4,
+		port:          port,
+		tls:           s.SSL.Enabled,
+		proxyProtocol: false,
+		udp:           s.UDP,
+		ipType:        ipv4,
+	})
 
 	if !s.DisableIPV6 {
 		directives += spacing
-		directives += buildTransportListenDirective(ipv6, port, s.SSL, s.UDP, s.IPv6)
+		directives += buildListenDirective(listen{
+			ipAddress:     "",
+			port:          port,
+			tls:           s.SSL.Enabled,
+			proxyProtocol: false,
+			udp:           s.UDP,
+			ipType:        ipv6,
+		})
 	}
 
 	return directives

diff --git a/tests/Dockerfile b/tests/Dockerfile
@@ -5,7 +5,7 @@ FROM kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7
 # this is here so we can grab the latest version of skopeo and have dependabot keep it up to date
 FROM quay.io/skopeo/stable:v1.16.1
 
-FROM python:3.12@sha256:b7552a9f6cb77632e9ec6f714ed9846fb43bd32d17a7ad82bccac88f5e2cd333
+FROM python:3.12@sha256:11aa4b620c15f855f66f02a7f3c1cd9cf843cc10f3edbcf158e5ebcd98d1f549
 
 RUN apt-get update \
 	&& apt-get install -y curl git \