update for traefik v2, treafik-proxy v1

- tls config is no longer allowed in static config file, add separate dynamic config - no longer need to persist auth config ourselves (TraefikProxy handles this) - make sure to reload proxy before reloading hub in tests
2025-12-18 21:54:05 +08:00 · 2023-05-15 10:53:53 +02:00
parent e353ab80c3
commit a58956f14b
11 changed files with 272 additions and 178 deletions
--- a/tests/test_configurer.py
+++ b/tests/test_configurer.py
@@ -156,8 +156,8 @@ def test_traefik_api_default():
    """
    c = apply_mock_config({})

-    assert c.TraefikTomlProxy.traefik_api_username == "api_admin"
-    assert len(c.TraefikTomlProxy.traefik_api_password) == 0
+    assert c.TraefikProxy.traefik_api_username == "api_admin"
+    assert len(c.TraefikProxy.traefik_api_password) == 0


 def test_set_traefik_api():
@@ -167,8 +167,8 @@ def test_set_traefik_api():
    c = apply_mock_config(
        {"traefik_api": {"username": "some_user", "password": "1234"}}
    )
-    assert c.TraefikTomlProxy.traefik_api_username == "some_user"
-    assert c.TraefikTomlProxy.traefik_api_password == "1234"
+    assert c.TraefikProxy.traefik_api_username == "some_user"
+    assert c.TraefikProxy.traefik_api_password == "1234"


 def test_cull_service_default():
@@ -268,7 +268,7 @@ def test_load_secrets(tljh_dir):
    tljh_config = configurer.load_config()
    assert tljh_config["traefik_api"]["password"] == "traefik-password"
    c = apply_mock_config(tljh_config)
-    assert c.TraefikTomlProxy.traefik_api_password == "traefik-password"
+    assert c.TraefikProxy.traefik_api_password == "traefik-password"


 def test_auth_native():
--- a/tests/test_traefik.py
+++ b/tests/test_traefik.py
@@ -15,30 +15,51 @@ def test_download_traefik(tmpdir):
    assert (traefik_bin.stat().mode & 0o777) == 0o755


+def _read_toml(path):
+    """Read a toml file
+
+    print config for debugging on failure
+    """
+    print(path)
+    with open(path) as f:
+        toml_cfg = f.read()
+        print(toml_cfg)
+        return toml.loads(toml_cfg)
+
+
+def _read_static_config(state_dir):
+    return _read_toml(os.path.join(state_dir, "traefik.toml"))
+
+
+def _read_dynamic_config(state_dir):
+    return _read_toml(os.path.join(state_dir, "rules", "dynamic.toml"))
+
+
 def test_default_config(tmpdir, tljh_dir):
    state_dir = tmpdir.mkdir("state")
    traefik.ensure_traefik_config(str(state_dir))
    assert state_dir.join("traefik.toml").exists()
-    traefik_toml = os.path.join(state_dir, "traefik.toml")
-    with open(traefik_toml) as f:
-        toml_cfg = f.read()
-        # print config for debugging on failure
-        print(config.CONFIG_FILE)
-        print(toml_cfg)
-        cfg = toml.loads(toml_cfg)
-    assert cfg["defaultEntryPoints"] == ["http"]
-    assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
-    # runtime generated entry, value not testable
-    cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]
+    os.path.join(state_dir, "traefik.toml")
+    rules_dir = os.path.join(state_dir, "rules")

+    cfg = _read_static_config(state_dir)
+    assert cfg["api"] == {}
    assert cfg["entryPoints"] == {
-        "http": {"address": ":80"},
+        "http": {
+            "address": ":80",
+            "transport": {"respondingTimeouts": {"idleTimeout": "10m"}},
+        },
        "auth_api": {
-            "address": "127.0.0.1:8099",
-            "auth": {"basic": {"users": [""]}},
-            "whiteList": {"sourceRange": ["127.0.0.1"]},
+            "address": "localhost:8099",
        },
    }
+    assert cfg["providers"] == {
+        "providersThrottleDuration": "0s",
+        "file": {"directory": rules_dir, "watch": True},
+    }
+
+    dynamic_config = _read_dynamic_config(state_dir)
+    assert dynamic_config == {}


 def test_letsencrypt_config(tljh_dir):
@@ -51,34 +72,55 @@ def test_letsencrypt_config(tljh_dir):
        config.CONFIG_FILE, "https.letsencrypt.domains", ["testing.jovyan.org"]
    )
    traefik.ensure_traefik_config(str(state_dir))
-    traefik_toml = os.path.join(state_dir, "traefik.toml")
-    with open(traefik_toml) as f:
-        toml_cfg = f.read()
-        # print config for debugging on failure
-        print(config.CONFIG_FILE)
-        print(toml_cfg)
-        cfg = toml.loads(toml_cfg)
-    assert cfg["defaultEntryPoints"] == ["http", "https"]
-    assert "acme" in cfg
-    assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
-    # runtime generated entry, value not testable
-    cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]

+    cfg = _read_static_config(state_dir)
    assert cfg["entryPoints"] == {
-        "http": {"address": ":80", "redirect": {"entryPoint": "https"}},
-        "https": {"address": ":443", "tls": {"minVersion": "VersionTLS12"}},
+        "http": {
+            "address": ":80",
+            "http": {
+                "redirections": {
+                    "entryPoint": {
+                        "scheme": "https",
+                        "to": "https",
+                    },
+                },
+            },
+            "transport": {"respondingTimeouts": {"idleTimeout": "10m"}},
+        },
+        "https": {
+            "address": ":443",
+            "http": {"tls": {"options": "default"}},
+            "transport": {"respondingTimeouts": {"idleTimeout": "10m"}},
+        },
        "auth_api": {
-            "address": "127.0.0.1:8099",
-            "auth": {"basic": {"users": [""]}},
-            "whiteList": {"sourceRange": ["127.0.0.1"]},
+            "address": "localhost:8099",
        },
    }
-    assert cfg["acme"] == {
+    assert "tls" not in cfg
+
+    dynamic_config = _read_dynamic_config(state_dir)
+
+    assert dynamic_config["tls"] == {
+        "options": {"default": {"minVersion": "VersionTLS12"}},
+        "stores": {
+            "default": {
+                "defaultGeneratedCert": {
+                    "resolver": "letsencrypt",
+                    "domain": {
+                        "main": "testing.jovyan.org",
+                        "sans": [],
+                    },
+                }
+            }
+        },
+    }
+    assert "certificateResolvers" in cfg
+    assert "letsencrypt" in cfg["certificateResolvers"]
+
+    assert cfg["certificateResolvers"]["letsencrypt"]["acme"] == {
        "email": "fake@jupyter.org",
        "storage": "acme.json",
-        "entryPoint": "https",
        "httpChallenge": {"entryPoint": "http"},
-        "domains": [{"main": "testing.jovyan.org"}],
    }


@@ -88,33 +130,50 @@ def test_manual_ssl_config(tljh_dir):
    config.set_config_value(config.CONFIG_FILE, "https.tls.key", "/path/to/ssl.key")
    config.set_config_value(config.CONFIG_FILE, "https.tls.cert", "/path/to/ssl.cert")
    traefik.ensure_traefik_config(str(state_dir))
-    traefik_toml = os.path.join(state_dir, "traefik.toml")
-    with open(traefik_toml) as f:
-        toml_cfg = f.read()
-        # print config for debugging on failure
-        print(config.CONFIG_FILE)
-        print(toml_cfg)
-        cfg = toml.loads(toml_cfg)
-    assert cfg["defaultEntryPoints"] == ["http", "https"]
-    assert "acme" not in cfg
-    assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
-    # runtime generated entry, value not testable
-    cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]
+
+    cfg = _read_static_config(state_dir)
+
    assert cfg["entryPoints"] == {
-        "http": {"address": ":80", "redirect": {"entryPoint": "https"}},
-        "https": {
-            "address": ":443",
-            "tls": {
-                "minVersion": "VersionTLS12",
-                "certificates": [
-                    {"certFile": "/path/to/ssl.cert", "keyFile": "/path/to/ssl.key"}
-                ],
+        "http": {
+            "address": ":80",
+            "http": {
+                "redirections": {
+                    "entryPoint": {
+                        "scheme": "https",
+                        "to": "https",
+                    },
+                },
+            },
+            "transport": {
+                "respondingTimeouts": {
+                    "idleTimeout": "10m",
+                }
            },
        },
+        "https": {
+            "address": ":443",
+            "http": {"tls": {"options": "default"}},
+            "transport": {"respondingTimeouts": {"idleTimeout": "10m"}},
+        },
        "auth_api": {
-            "address": "127.0.0.1:8099",
-            "auth": {"basic": {"users": [""]}},
-            "whiteList": {"sourceRange": ["127.0.0.1"]},
+            "address": "localhost:8099",
+        },
+    }
+    assert "tls" not in cfg
+
+    dynamic_config = _read_dynamic_config(state_dir)
+
+    assert "tls" in dynamic_config
+
+    assert dynamic_config["tls"] == {
+        "options": {"default": {"minVersion": "VersionTLS12"}},
+        "stores": {
+            "default": {
+                "defaultCertificate": {
+                    "certFile": "/path/to/ssl.cert",
+                    "keyFile": "/path/to/ssl.key",
+                }
+            }
        },
    }

@@ -131,18 +190,18 @@ def test_extra_config(tmpdir, tljh_dir):
    toml_cfg = toml.load(traefik_toml)

    # Make sure the defaults are what we expect
-    assert toml_cfg["logLevel"] == "INFO"
+    assert toml_cfg["log"]["level"] == "INFO"
    with pytest.raises(KeyError):
-        toml_cfg["checkNewVersion"]
-    assert toml_cfg["entryPoints"]["auth_api"]["address"] == "127.0.0.1:8099"
+        toml_cfg["api"]["dashboard"]
+    assert toml_cfg["entryPoints"]["auth_api"]["address"] == "localhost:8099"

    extra_config = {
        # modify existing value
-        "logLevel": "ERROR",
-        # modify existing value with multiple levels
-        "entryPoints": {"auth_api": {"address": "127.0.0.1:9999"}},
+        "log": {
+            "level": "ERROR",
+        },
        # add new setting
-        "checkNewVersion": False,
+        "api": {"dashboard": True},
    }

    with open(os.path.join(extra_config_dir, "extra.toml"), "w+") as extra_config_file:
@@ -155,6 +214,5 @@ def test_extra_config(tmpdir, tljh_dir):
    toml_cfg = toml.load(traefik_toml)

    # Check that the defaults were updated by the extra config
-    assert toml_cfg["logLevel"] == "ERROR"
-    assert toml_cfg["checkNewVersion"] == False
-    assert toml_cfg["entryPoints"]["auth_api"]["address"] == "127.0.0.1:9999"
+    assert toml_cfg["log"]["level"] == "ERROR"
+    assert toml_cfg["api"]["dashboard"] == True