Merge pull request #117 from nginxinc/nlb-5021-geoip2

NLB-5021: Update crossplane to handle GeoIP2 directives
nginxinc · Aug 1, 2024 · a24726c · a24726c
2 parents 787a2e7 + bb88d1b
commit a24726c
Show file tree

Hide file tree

Showing 8 changed files with 421 additions and 2 deletions.
diff --git a/analyze.go b/analyze.go
@@ -38,6 +38,8 @@ package crossplane
 // NAP v5
 //go:generate sh -c "sh ./scripts/generate/generate.sh --url $NAP_URL --config-path ./scripts/generate/configs/nap_v5_config.json --branch $NAP_V5_BRANCH --path ./src > analyze_appProtectWAFv5_directives.gen.go"
 
+// Update for geoip2
+//go:generate sh -c "sh ./scripts/generate/generate.sh --url https://github.com/leev/ngx_http_geoip2_module.git --config-path ./scripts/generate/configs/geoip2_config.json > ./analyze_geoip2_directives.gen.go"
 import (
 	"fmt"
 )

diff --git a/analyze_geoip2_directives.gen.go b/analyze_geoip2_directives.gen.go
diff --git a/analyze_map.go b/analyze_map.go
@@ -39,6 +39,7 @@ var mapBodies = map[string]mapParameterMasks{
 		defaultMasks: ngxConfTake1,
 	},
 	"geoip2": {
+		specialParameterMasks: map[string]uint{"auto_reload": ngxConfTake1},
 		defaultMasks: ngxConf1More,
 	},
 	"otel_exporter": {

diff --git a/analyze_map_test.go b/analyze_map_test.go
@@ -175,6 +175,38 @@ func TestAnalyzeMapBody(t *testing.T) {
 			},
 			term: ";",
 		},
+		"invalid geoip2": {
+			mapDirective: "geoip2",
+			parameter: &Directive{
+				Directive: "$geoip2_data_city_name",
+				Args:      []string{},
+				Line:      5,
+				Block:     Directives{},
+			},
+			term:    ";",
+			wantErr: &ParseError{What: "invalid number of parameters", BlockCtx: "geoip2"},
+		},
+		"valid geoip2 auto_reload": {
+			mapDirective: "geoip2",
+			parameter: &Directive{
+				Directive: "auto_reload",
+				Args:      []string{"5m"},
+				Line:      5,
+				Block:     Directives{},
+			},
+			term: ";",
+		},
+		"invalid geoip2 auto_reload": {
+			mapDirective: "geoip2",
+			parameter: &Directive{
+				Directive: "auto_reload",
+				Args:      []string{"5m", "10m"},
+				Line:      5,
+				Block:     Directives{},
+			},
+			term:    ";",
+			wantErr: &ParseError{What: "invalid number of parameters", BlockCtx: "geoip2"},
+		},
 		"valid otel_exporter": {
 			mapDirective: "otel_exporter",
 			parameter: &Directive{

diff --git a/analyze_test.go b/analyze_test.go
@@ -2665,3 +2665,133 @@ func TestAnalyze_limit_req_zone(t *testing.T) {
 		})
 	}
 }
+
+//nolint:funlen
+func TestAnalyze_geoip2(t *testing.T) {
+	t.Parallel()
+	testcases := map[string]struct {
+		stmt    *Directive
+		ctx     blockCtx
+		wantErr bool
+	}{
+		"geoip2 ok": {
+			&Directive{
+				Directive: "geoip2",
+				Args:      []string{"/etc/maxmind-country.mmdb"},
+				Line:      5,
+				Block: Directives{
+					{
+						Directive: "auto_reload",
+						Args:      []string{"5s"},
+						Line:      6,
+						Block:     Directives{},
+					},
+					{
+						Directive: "$geoip2_city_name",
+						Args:      []string{"city", "names", "en"},
+						Line:      7,
+						Block:     Directives{},
+					},
+				},
+			},
+			blockCtx{"http", "stream"},
+			false,
+		},
+
+		"geoip2 not ok": {
+			&Directive{
+				Directive: "geoip2",
+				Args:      []string{"/etc/maxmind-country.mmdb"},
+				Line:      5,
+				Block: Directives{
+					{
+						Directive: "auto_reload",
+						Args:      []string{"5s"},
+						Line:      6,
+						Block:     Directives{},
+					},
+					{
+						Directive: "$geoip2_city_name",
+						Args:      []string{"city", "names", "en"},
+						Line:      7,
+						Block:     Directives{},
+					},
+				},
+			},
+			blockCtx{"mgmt"},
+			true,
+		},
+		"geoip2_proxy ok": {
+			&Directive{
+				Directive: "geoip2_proxy",
+				Args:      []string{"203.0.113.0/24"},
+				Line:      5,
+			},
+			blockCtx{"http"},
+			false,
+		},
+		"geoip2_proxy args not ok": {
+			&Directive{
+				Directive: "geoip2_proxy",
+				Args:      []string{"203.0.113.0/24", "172.0.0.6"},
+				Line:      5,
+			},
+			blockCtx{"http"},
+			true,
+		},
+		"geoip2_proxy not ok": {
+			&Directive{
+				Directive: "geoip2_proxy",
+				Args:      []string{"203.0.113.0/24"},
+				Line:      5,
+			},
+			blockCtx{"stream"},
+			true,
+		},
+		"geoip2_proxy_recursive ok": {
+			&Directive{
+				Directive: "geoip2_proxy_recursive",
+				Args:      []string{"on"},
+				Line:      5,
+			},
+			blockCtx{"http"},
+			false,
+		},
+		"geoip2_proxy_recursive not ok": {
+			&Directive{
+				Directive: "geoip2_proxy_recursive",
+				Args:      []string{"on"},
+				Line:      5,
+			},
+			blockCtx{"stream"},
+			true,
+		},
+		"geoip2_proxy_recursive args not ok": {
+			&Directive{
+				Directive: "geoip2_proxy_recursive",
+				Args:      []string{"on", "off"},
+				Line:      5,
+			},
+			blockCtx{"http"},
+			true,
+		},
+	}
+
+	for name, tc := range testcases {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+			err := analyze("nginx.conf", tc.stmt, ";", tc.ctx, &ParseOptions{
+				DirectiveSources: []MatchFunc{MatchNginxPlusLatest, MatchGeoip2Latest},
+			})
+
+			if !tc.wantErr && err != nil {
+				t.Fatal(err)
+			}
+
+			if tc.wantErr && err == nil {
+				t.Fatal("expected error, got nil")
+			}
+		})
+	}
+}