TUN-5737: Support https protocol over unix socket origin

DevinCarr · DevinCarr · commit c2a32de35f90 · 2022-03-03T15:25:23.000Z
diff --git a/ingress/ingress.go b/ingress/ingress.go
@@ -126,7 +126,7 @@ func parseSingleOriginService(c *cli.Context, allowURLFromArgs bool) (OriginServ
 		if err != nil {
 			return nil, errors.Wrap(err, "Error validating --unix-socket")
 		}
-		return &unixSocketPath{path: path}, nil
+		return &unixSocketPath{path: path, scheme: "http"}, nil
 	}
 	u, err := url.Parse("http://localhost:8080")
 	return &httpService{url: u}, err
@@ -169,7 +169,10 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq
 		if prefix := "unix:"; strings.HasPrefix(r.Service, prefix) {
 			// No validation necessary for unix socket filepath services
 			path := strings.TrimPrefix(r.Service, prefix)
-			service = &unixSocketPath{path: path}
+			service = &unixSocketPath{path: path, scheme: "http"}
+		} else if prefix := "unix+tls:"; strings.HasPrefix(r.Service, prefix) {
+			path := strings.TrimPrefix(r.Service, prefix)
+			service = &unixSocketPath{path: path, scheme: "https"}
 		} else if prefix := "http_status:"; strings.HasPrefix(r.Service, prefix) {
 			status, err := strconv.Atoi(strings.TrimPrefix(r.Service, prefix))
 			if err != nil {
diff --git a/ingress/ingress_test.go b/ingress/ingress_test.go
@@ -26,8 +26,21 @@ ingress:
 `
 	ing, err := ParseIngress(MustReadIngress(rawYAML))
 	require.NoError(t, err)
-	_, ok := ing.Rules[0].Service.(*unixSocketPath)
+	s, ok := ing.Rules[0].Service.(*unixSocketPath)
 	require.True(t, ok)
+	require.Equal(t, "http", s.scheme)
+}
+
+func TestParseUnixSocketTLS(t *testing.T) {
+	rawYAML := `
+ingress:
+- service: unix+tls:/tmp/echo.sock
+`
+	ing, err := ParseIngress(MustReadIngress(rawYAML))
+	require.NoError(t, err)
+	s, ok := ing.Rules[0].Service.(*unixSocketPath)
+	require.True(t, ok)
+	require.Equal(t, "https", s.scheme)
 }
 
 func Test_parseIngress(t *testing.T) {
diff --git a/ingress/origin_proxy.go b/ingress/origin_proxy.go
@@ -23,7 +23,7 @@ type StreamBasedOriginProxy interface {
 }
 
 func (o *unixSocketPath) RoundTrip(req *http.Request) (*http.Response, error) {
-	req.URL.Scheme = "http"
+	req.URL.Scheme = o.scheme
 	return o.transport.RoundTrip(req)
 }
 
diff --git a/ingress/origin_service.go b/ingress/origin_service.go
@@ -33,9 +33,10 @@ type OriginService interface {
 	start(log *zerolog.Logger, shutdownC <-chan struct{}, cfg OriginRequestConfig) error
 }
 
-// unixSocketPath is an OriginService representing a unix socket (which accepts HTTP)
+// unixSocketPath is an OriginService representing a unix socket (which accepts HTTP or HTTPS)
 type unixSocketPath struct {
 	path      string
+	scheme    string
 	transport *http.Transport
 }
 

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ type StreamBasedOriginProxy interface {`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`func (o unixSocketPath) RoundTrip(req http.Request) (*http.Response, error) {`
`26`		`- req.URL.Scheme = "http"`
	`26`	`+ req.URL.Scheme = o.scheme`
`27`	`27`	`return o.transport.RoundTrip(req)`
`28`	`28`	`}`
`29`	`29`
Original file line number	Diff line number	Diff line change
`@@ -33,9 +33,10 @@ type OriginService interface {`
`33`	`33`	`start(log *zerolog.Logger, shutdownC <-chan struct{}, cfg OriginRequestConfig) error`
`34`	`34`	`}`
`35`	`35`
`36`		`-// unixSocketPath is an OriginService representing a unix socket (which accepts HTTP)`
	`36`	`+// unixSocketPath is an OriginService representing a unix socket (which accepts HTTP or HTTPS)`
`37`	`37`	`type unixSocketPath struct {`
`38`	`38`	`path string`
	`39`	`+ scheme string`
`39`	`40`	`transport *http.Transport`
`40`	`41`	`}`
`41`	`42`