Documentation ¶
Overview ¶
Package vcl encapsulates representations of a VCL configuration derived from Ingress and VarnishConfig specifications, and checking the representations for equivalence (to check if new syncs are necessary). It drives the templating that generates VCL source code.
Index ¶
- Constants
- func ResetACLTmpl()
- func ResetAuthTmpl()
- func ResetIngressTmpl()
- func ResetReqDispTmpl()
- func ResetRewriteTmpl()
- func ResetShardTmpl()
- func SetACLTmpl(src string) error
- func SetAuthTmpl(src string) error
- func SetIngressTmpl(src string) error
- func SetReqDispTmpl(src string) error
- func SetRewriteTmpl(src string) error
- func SetShardTmpl(src string) error
- type ACL
- type ACLAddress
- type Address
- type AnchorType
- type Auth
- type AuthStatus
- type CompareType
- type Condition
- type Director
- type DirectorType
- type DispositionSpec
- type DispositionType
- type HashAlgo
- type KeyBy
- type MatchFlagsType
- type MatchTerm
- type MethodType
- type NameTTLFrom
- type NameTTLSpec
- type PathKey
- type PathType
- type Probe
- type RecvReturn
- type ResultHdrType
- type Rewrite
- type RewriteRule
- type Rule
- type SelectType
- type Service
- type ShardCluster
- type ShardRule
- type Spec
- type SubType
Constants ¶
const ( // RecvHash to invoke cache lookup. RecvHash RecvReturn = "hash" // RecvPass to bypass cache lookup. RecvPass = "pass" // RecvPipe for pipe mode -- Varnish passes data between // client and backend with no further intervention. RecvPipe = "pipe" // RecvPurge to purge a cache object. // See: https://varnish-cache.org/docs/6.3/users-guide/purging.html?highlight=purge#http-purging RecvPurge = "purge" // RecvSynth to generate a synthetic response with a given // HTTP response status. RecvSynth = "synth" // RecvFail to invoke VCL failure. RecvFail = "fail" // RecvRestart to invoke request restart. RecvRestart = "restart" )
const NoMaskBits uint8 = 255
NoMaskBits is a sentinel value for ACLAddress.MaskBits indicating that a CIDR range is not to be used.
Variables ¶
This section is empty.
Functions ¶
func ResetACLTmpl ¶
func ResetACLTmpl()
ResetACLTmpl sets the VCL template for the VarnishConfig acl feature to its current "official" value. Invoked on TemplateConfig deletion, only needed when devmode is activated for the controller.
func ResetAuthTmpl ¶
func ResetAuthTmpl()
ResetAuthTmpl sets the VCL template for the VarnishConfig auth feature to its current "official" value. Invoked on TemplateConfig deletion, only needed when devmode is activated for the controller.
func ResetIngressTmpl ¶
func ResetIngressTmpl()
ResetIngressTmpl sets the VCL template for Ingress implementation (routing rules and bakend configuration) to its current "official" value. Invoked on TemplateConfig deletion, only needed when devmode is activated for the controller.
func ResetReqDispTmpl ¶
func ResetReqDispTmpl()
ResetReqDispTmpl sets the VCL template for the VarnishConfig reqDisp feature to its current "official" value. Invoked on TemplateConfig deletion, only needed when devmode is activated for the controller.
func ResetRewriteTmpl ¶
func ResetRewriteTmpl()
ResetRewriteTmpl sets the VCL template for the VarnishConfig rewrite feature to its current "official" value. Invoked on TemplateConfig deletion, only needed when devmode is activated for the controller.
func ResetShardTmpl ¶
func ResetShardTmpl()
ResetShardTmpl sets the VCL template for the VarnishConfig shard feature to its current "official" value. Invoked on TemplateConfig deletion, only needed when devmode is activated for the controller.
func SetACLTmpl ¶
SetACLTmpl parses src as a text/template, using the FuncMap defined for the ACL template, which is used to generate VCL for the VarnishConfig acl feature. On success, the ACL template is replaced. If the parse fails, then the error is returned and the ACL template is unchanged.
Only used when devmode is activated for the controller.
func SetAuthTmpl ¶
SetAuthTmpl parses src as a text/template, using the FuncMap defined for the auth template, which is used to generate VCL for the VarnishConfig auth feature. On success, the auth template is replaced. If the parse fails, then the error is returned and the auth template is unchanged.
Only used when devmode is activated for the controller.
func SetIngressTmpl ¶
SetIngressTmpl parses src as a text/template, using the FuncMap defined for the ingress template, which is used to generate VCL for Ingress implementaion -- routing rules and backend configuration, including configuration set for the BackendConfig custom resource. On success, the ingress template is replaced. If the parse fails, then the error is returned and the shard template is unchanged.
Only used when devmode is activated for the controller.
func SetReqDispTmpl ¶
SetReqDispTmpl parses src as a text/template, using the FuncMap defined for the reqDisp template, which is used to generate VCL for the VarnishConfig reqDisp feature. On success, the reqDisp template is replaced. If the parse fails, then the error is returned and the reqDisp template is unchanged.
Only used when devmode is activated for the controller.
func SetRewriteTmpl ¶
SetRewriteTmpl parses src as a text/template, using the FuncMap defined for the rewrite template, which is used to generate VCL for the VarnishConfig rewrite feature. On success, the rewrite template is replaced. If the parse fails, then the error is returned and the rewrite template is unchanged.
Only used when devmode is activated for the controller.
func SetShardTmpl ¶
SetShardTmpl parses src as a text/template, using the FuncMap defined for the shard template, which is used to generate VCL for the VarnishConfig shard feature. On success, the shard template is replaced. If the parse fails, then the error is returned and the shard template is unchanged.
Only used when devmode is activated for the controller.
Types ¶
type ACL ¶
type ACL struct { Name string Comparand string FailStatus uint16 Whitelist bool Addresses []ACLAddress Conditions []MatchTerm ResultHdr ResultHdrType }
ACL represents an Access Control List, derived from a VarnishConfig.
type ACLAddress ¶
ACLAddress represents an element in an ACL -- a host name to be resolved at VCL load, an IP address, or address range in CIDR notation. Use the '!' for negation when Negate is true.
type Address ¶
Address represents an endpoint for either a backend instance (Endpoint of a Service to which requests are routed) or a Varnish instance (where the port is the admin port).
func (Address) Address ¶
Address returns the network address represented by addr as "<IP>:<Port>"
type AnchorType ¶
type AnchorType uint8
AnchorType classifies start-of-string and/or end-of-string anchoring for a regex match.
const ( // None indicates no anchoring. None AnchorType = iota // Start indicates anchoring at start-of-string. Start // Both indicates anchoring at start- and end-of-string. Both )
type Auth ¶
type Auth struct { Conditions []MatchTerm Credentials []string Realm string Status AuthStatus UTF8 bool }
Auth specifies Basic or Proxy Authentication, derived from an AuthSpec in a VarnishConfig resource.
type AuthStatus ¶
type AuthStatus uint16
AuthStatus is the response code to be sent for authentication failures, and serves to distinguish the protocols.
const ( // Basic Authentication Basic AuthStatus = 401 // Proxy Authentication Proxy = 407 )
type CompareType ¶
type CompareType uint8
CompareType classifies comparison operations performed for conditional configurations. The comparison may be negated if the boolean Negate field is true.
const ( // Equal specifies equality -- string equality, numeric // equality, or membership in a set of fixed strings. Equal CompareType = iota // Match specifies a regular expression match. Match // Prefix specifies that a string has a prefix in a set of // fixed strings. Prefix // Exists specifies that a request header exists. Exists // Greater specifies the > relation between a VCL variable // with a numeric value and a constant. Greater // GreaterEqual specifies the >= relation for a numeric VCL // variable and a constant. GreaterEqual // Less specifies the < relation for a numeric VCL variable // and a constant. Less // LessEqual specifies the <= relation for a numeric VCL // variable and a constant. LessEqual )
type Condition ¶
type Condition struct { Values []string MatchFlags MatchFlagsType Count *uint Comparand string Compare CompareType Negate bool }
Condition specifies (one of) the conditions that must be true if a client request disposition is to be executed.
type Director ¶
type Director struct { Rampup string Warmup float64 Type DirectorType ShardParam string }
Director is derived from spec.director in a BackendConfig, and allows for some choice of the director, and sets some parameters.
type DirectorType ¶
type DirectorType uint8
DirectorType corresponds to a class of director, see: https://varnish-cache.org/docs/6.3/reference/vmod_directors.generated.html
const ( // RoundRobin director RoundRobin DirectorType = iota // Random director Random // Shard director Shard )
func GetDirectorType ¶
func GetDirectorType(dirStr string) DirectorType
GetDirectorType returns a DirectorType constant for the string (enum value) used in YAML.
func (DirectorType) String ¶
func (dirType DirectorType) String() string
type DispositionSpec ¶
type DispositionSpec struct { Conditions []Condition Disposition DispositionType }
DispositionSpec specifies the disposition of a client request when all of the Conditions are met.
type DispositionType ¶
type DispositionType struct { Action RecvReturn Status uint16 Reason string }
DispositionType specifies the disposition of a client request when associated Conditions are met.
Status is the HTTP response status to set when Action is RecvSynth; ignored for other values of Action.
type HashAlgo ¶
type HashAlgo uint8
HashAlgo identifies digest algorithms.
const ( // Crc32 checksum Crc32 HashAlgo = iota // ICrc32 CRC32 with inverted initialization and result ICrc32 // MD5 message digest MD5 // RS Sedgewick's hash RS // Sha1 secure hash Sha1 // Sha224 secure hash Sha224 // Sha384 secure hash Sha384 // Sha512 secure hash Sha512 // Sha3_224 secure hash Sha3_224 // Sha3_256 secure hash Sha3_256 // Sha3_512 secure hash Sha3_512 )
type MatchFlagsType ¶
type MatchFlagsType struct { MaxMem uint64 Anchor AnchorType UTF8 bool PosixSyntax bool LongestMatch bool Literal bool NeverCapture bool CaseSensitive bool PerlClasses bool WordBoundary bool }
MatchFlagsType is a collection of options that modify matching operations. CaseSensitive can be applied to both fixed string matches and regex matches; the remainder are for regex matches only. These correspond to flags for RE2 matching, and are used by the RE2 VMOD.
type MatchTerm ¶
type MatchTerm struct { Comparand string Value string Compare CompareType Negate bool }
MatchTerm is a term describing the comparison of a VCL object with a pattern.
type MethodType ¶
type MethodType uint8
MethodType classifies the process by which a rewrite modifies the Target object.
const ( // Replace means that the target is overwritten with a new // value. Replace MethodType = iota // Sub means that the first matching substring of the target // after a regex match is substituted with the new value. Sub // Suball means that each non-overlapping matching substring // of the target is substituted. Suball // RewriteMethod means that the target is rewritten with the // rule in the Rewrite field, possibly with backreferences. RewriteMethod // Append means that a string is concatenated after the source // string, with the result written to the target. Append // Prepend means that a string is concatenated after the // source string. Prepend // Delete means that the target object is deleted. Delete )
type NameTTLFrom ¶
type NameTTLFrom uint8
NameTTLFrom is a enumeration of the ways that the name TTL that was specified in the BackendConfig can be evaluated with respect to DNS TTL. This value is mapped directly to the ttl_from parameter for VMOD dynamic.
const ( // FromCfg corresponds to the enum value cfg in VMOD dynamic. FromCfg NameTTLFrom = iota // FromDNS corresponds to enum dns in VMOD dynamic FromDNS // FromMin corresponds to enum min in VMOD dynamic. FromMin // FromMax corresponds to enum max in VMOD dynamic. FromMax )
func (NameTTLFrom) String ¶
func (from NameTTLFrom) String() string
type NameTTLSpec ¶
type NameTTLSpec struct { TTL string From NameTTLFrom }
NameTTLSpec encapsulates the TTL configuration used for VMOD dynamic. Its fields are mapped directly to the ttl and ttl_from paramater of the VMOD.
type PathKey ¶
PathKey is a two-dimensional map key to map from paths and types to Services, derived from the paths field of an Ingress rule.
This is because it is possible in principle to have the same path with more than one pathType in an Ingress rule.
type PathType ¶
type PathType uint8
PathType is the classifier corresponding to the Ingress pathType field.
type Probe ¶
type Probe struct { URL string Request []string ExpResponse uint16 Timeout string Interval string Initial string Window string Threshold string }
Probe represents the configuration of health probes derived from a VarnishConfig or BackendConfig Custom Resource.
type RecvReturn ¶
type RecvReturn string
RecvReturn is a name for the disposition of a client request. See: https://varnish-cache.org/docs/6.3/reference/states.html
type ResultHdrType ¶
ResultHdrType describes the configuration for writing a header as the result of an ACL comparison. Header is the header to write in VCL notation. Failure is the value to write on the fail condition, Success the value to write otherwise.
type Rewrite ¶
type Rewrite struct { Rules []RewriteRule MatchFlags MatchFlagsType Target string Source string Method MethodType Compare CompareType Negate bool VCLSub SubType Select SelectType }
Rewrite is the specification for a set of rewrite rules; elements of the Rewrites array of a VCL Spec have this type.
Target is the object to be rewritten, in VCL notation. It can be the client or backend URL path, or a client or backend request or response header.
Source is the object against which comparisons are applied, and from which substrings may be extracted. It may have the same values as Target.
type RewriteRule ¶
RewriteRule describes conditions under which a rewrite is executed, and strings to be used for the rewrite. Elements of the Rules array for a Rewrite have this type.
Value is a string or pattern against which the Source object is compared. If Values is a regular expression, it has the syntax and semantics of RE2 (https://github.com/google/re2/wiki/Syntax).
Rewrite is a string to be used for the rewrite if the Value compares successfully. Depending on the RewriteSpec's Method, Rewrite may contain backreferences captured from a regex match.
type Rule ¶
Rule represents an IngressRule: a Host name (possibly empty) and a map from URL paths to Services.
type SelectType ¶
type SelectType uint8
SelectType classifies the determination of the rewrite rule to apply if more than one of them in the Rules array compares successfully. This is only possible when the Method specifies a regex or prefix match.
The values Unique, First or Last may be used for both regex and prefix matches; the others may only be used for prefix matches.
const ( // Unique means that only one rewrite rule may match, // otherwise VCL failure is invoked. Unique SelectType = iota // First means that the first matching rule in the order of // the Rules array is executed. // Last means that the last matching rule is executed. First // Last means that the last matching rule is executed. Last // Exact means that, for a prefix match, the rule by which the // full string matched exactly is executed. Exact // Longest means that the rule for the longest prefix that // matched is executed. Longest // Shortest means that the rule for the shortest prefix that // matched is executed. Shortest )
func (SelectType) String ¶
func (s SelectType) String() string
The String method returns the upper-case name of the enum used for VMOD re2.
type Service ¶
type Service struct { Name string Addresses []Address Probe *Probe Director *Director NameTTL *NameTTLSpec Authority *string ExternalName string ExternalPort string HostHeader string ConnectTimeout string FirstByteTimeout string BetweenBytesTimeout string DNSRetryDelay string DomainUsageTimeout string FirstLookupTimeout string ResolverIdleTimeout string ResolverTimeout string MaxConnections uint32 MaxDNSQueries uint16 ProxyHeader uint8 FollowDNSRedirects bool Via bool }
Service represents either a backend Service (Endpoints to which requests are routed) or a Varnish Service (with addresses for the admin ports).
type ShardCluster ¶
ShardCluster represents the configuration for self-sharding derived from the VarnishConfig Custom Resource.
type ShardRule ¶
type ShardRule struct { Conditions []Condition DefaultKey string Key string By KeyBy Algo HashAlgo PrimaryOnly bool }
ShardRule represents a sharding configuration, and optional conditions under which the configuration holds.
type Spec ¶
type Spec struct { // DefaultService corresponds to the default IngressBackend in // an Ingress, if present. DefaultService Service // Rules corresponds to the IngressRules in an Ingress. Rules []Rule // IntSvcs is a map of Service names to Service configurations // for in-cluster IngressBackends mentioned in an Ingress. May // include the default Backend. IntSvcs map[string]Service // ExtSvcs is a map of Service names to ExternalName Service // configurations that are IngressBackends mentioned in an // Ingress. ExtSvcs map[string]Service // ShardCluster is derived from the self-sharding // specification in a VarnishConfig resource. ShardCluster ShardCluster // Auths is a list of specifications for Basic or Proxy // Authentication, derived from the Auth section of a // VarnishConfig. Auths []Auth // VCL is custom VCL, derived from VarnishConfig.Spec.VCL. VCL string // ACLs is a list of specifications for whitelisting or // blacklisting IPs with access control lists, derived from // VarnishConfig.Spec.ACLs. ACLs []ACL // Rewrites is a list of specifications for header and URL // rewriting, derived from VarnishConfig.Spec.Rewrites. Rewrites []Rewrite // Dispositions is a list of specifications for the // disposition of client requests, derived from // VarnishConfig.Spec.ReqDispositions. Dispositions []DispositionSpec }
Spec is the specification for a VCL configuration derived from Ingresses and VarnishConfig Custom Resources. This abstracts the VCL to be loaded by all instances of a Varnish Service.
func (Spec) Canonical ¶
Canonical returns a canonical form of a Spec, in which all of its fields are ordered. This ensures that reflect.DeepEqual and DeepHash return values consistent with the equivalence of two Specs.
func (Spec) DeepHash ¶
DeepHash computes a alphanumerically encoded hash value from a Spec such that, almost certainly, two Specs are deeply equal iff their hash values are equal (unless we've discovered a SHA512 collision).
type SubType ¶
type SubType uint8
SubType classifies the VCL subroutine in which a rewrite is executed.
const ( // Unspecified means that the VCL sub was not specified in the // user configuration, and will be inferred from the Source // and Target. Unspecified SubType = iota // Recv for vcl_recv Recv // Pipe for vcl_pipe Pipe // Pass for vcl_pass Pass // Hash for vcl_hash Hash // Purge for vcl_purge Purge // Miss for vcl_miss Miss // Hit for vcl_hit Hit // Deliver for vcl_deliver Deliver // Synth for vcl_synth Synth // BackendFetch for vcl_backend_fetch BackendFetch // BackendResponse for vcl_backend_response BackendResponse // BackendError for vcl_backend_error BackendError )