Merge pull request #2837 from vishesh92/fix-cloudfront-middleware

Fix cloudfront middleware
Ryan Abrams 2019-03-04 16:42:08 -08:00 committed by GitHub
commit 6d62eb1d4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 23 deletions


@ -706,14 +706,19 @@ interpretation of the options.
| `privatekey` | yes | The private key for Cloudfront, provided by AWS. | | `privatekey` | yes | The private key for Cloudfront, provided by AWS. |
| `keypairid` | yes | The key pair ID provided by AWS. | | `keypairid` | yes | The key pair ID provided by AWS. |
| `duration` | no | An integer and unit for the duration of the Cloudfront session. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, or `h`. For example, `3000s` is valid, but `3000 s` is not. If you do not specify a `duration` or you specify an integer without a time unit, the duration defaults to `20m` (20 minutes).| | `duration` | no | An integer and unit for the duration of the Cloudfront session. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, or `h`. For example, `3000s` is valid, but `3000 s` is not. If you do not specify a `duration` or you specify an integer without a time unit, the duration defaults to `20m` (20 minutes).|
|`ipfilteredby`|no | A string with the following value `none|aws|awsregion`. | |`ipfilteredby`|no | A string with the following value `none`, `aws` or `awsregion`. |
|`awsregion`|no | A comma separated string of AWS regions, only available when `ipfilteredby` is `awsregion`. For example, `us-east-1, us-west-2`| |`awsregion`|no | A comma separated string of AWS regions, only available when `ipfilteredby` is `awsregion`. For example, `us-east-1, us-west-2`|
|`updatefrenquency`|no | The frequency to update AWS IP regions, default: `12h`| |`updatefrenquency`|no | The frequency to update AWS IP regions, default: `12h`|
|`iprangesurl`|no | The URL contains the AWS IP ranges information, default: `https://ip-ranges.amazonaws.com/ip-ranges.json`| |`iprangesurl`|no | The URL contains the AWS IP ranges information, default: `https://ip-ranges.amazonaws.com/ip-ranges.json`|
Then value of ipfilteredby:
`none`: default, do not filter by IP
`aws`: IP from AWS goes to S3 directly Value of `ipfilteredby` can be:
`awsregion`: IP from certain AWS regions goes to S3 directly, use together with `awsregion`
| Value | Description |
|-------------|------------------------------------|
| `none` | default, do not filter by IP |
| `aws` | IP from AWS goes to S3 directly |
| `awsregion` | IP from certain AWS regions goes to S3 directly, use together with `awsregion`. |
### `redirect` ### `redirect`


@ -138,27 +138,33 @@ func newCloudFrontStorageMiddleware(storageDriver storagedriver.StorageDriver, o
// parse ipfilteredby // parse ipfilteredby
var awsIPs *awsIPs var awsIPs *awsIPs
if ipFilteredBy := options["ipfilteredby"].(string); ok { if i, ok := options["ipfilteredby"]; ok {
switch strings.ToLower(strings.TrimSpace(ipFilteredBy)) { if ipFilteredBy, ok := i.(string); ok {
case "", "none": switch strings.ToLower(strings.TrimSpace(ipFilteredBy)) {
awsIPs = nil case "", "none":
case "aws": awsIPs = nil
newAWSIPs(ipRangesURL, updateFrequency, nil) case "aws":
case "awsregion": awsIPs = newAWSIPs(ipRangesURL, updateFrequency, nil)
var awsRegion []string case "awsregion":
if regions, ok := options["awsregion"].(string); ok { var awsRegion []string
for _, awsRegions := range strings.Split(regions, ",") { if i, ok := options["awsregion"]; ok {
awsRegion = append(awsRegion, strings.ToLower(strings.TrimSpace(awsRegions))) if regions, ok := i.(string); ok {
for _, awsRegions := range strings.Split(regions, ",") {
awsRegion = append(awsRegion, strings.ToLower(strings.TrimSpace(awsRegions)))
}
awsIPs = newAWSIPs(ipRangesURL, updateFrequency, awsRegion)
} else {
return nil, fmt.Errorf("awsRegion must be a comma separated string of valid aws regions")
}
} else {
return nil, fmt.Errorf("awsRegion is not defined")
} }
awsIPs = newAWSIPs(ipRangesURL, updateFrequency, awsRegion) default:
} else { return nil, fmt.Errorf("ipfilteredby only allows a string the following value: none|aws|awsregion")
return nil, fmt.Errorf("awsRegion must be a comma separated string of valid aws regions")
} }
default: } else {
return nil, fmt.Errorf("ipfilteredby only allows a string the following value: none|aws|awsregion") return nil, fmt.Errorf("ipfilteredby only allows a string with the following value: none|aws|awsregion")
} }
} else {
return nil, fmt.Errorf("ipfilteredby only allows a string with the following value: none|aws|awsregion")
} }
return &cloudFrontStorageMiddleware{ return &cloudFrontStorageMiddleware{
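Review bot: In the `awsregion` case the pieces returned by `strings.Split(regions, ",")` are appended without a non-empty check, so `awsregion: ""` or a trailing comma hands `""` to `newAWSIPs` as a region name. Per the option table in this commit, this filter decides which client IPs go to S3 directly, so a malformed list should fail at startup rather than yield a filter whose behaviour depends on how `newAWSIPs` treats an empty name (not visible in this hunk). Inside the loop I would write `r := strings.ToLower(strings.TrimSpace(awsRegions))`, then `if r == "" { return nil, fmt.Errorf("awsregion contains an empty region name") }`, then `awsRegion = append(awsRegion, r)`. The `default:` message also still reads "a string the following value", while the type-assertion branch now says "a string with the following value". `newCloudFrontStorageMiddleware` begins and ends outside the hunk.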