ovh
diff --git a/‎engine/api/api.go
Lines changed: 2 additions & 4 deletions b/‎engine/api/api.go
Lines changed: 2 additions & 4 deletions
diff --git a/‎engine/api/api_routes.go
Lines changed: 1 addition & 1 deletion b/‎engine/api/api_routes.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎engine/api/config.go
Lines changed: 6 additions & 2 deletions b/‎engine/api/config.go
Lines changed: 6 additions & 2 deletions
diff --git a/‎engine/api/router.go
Lines changed: 25 additions & 3 deletions b/‎engine/api/router.go
Lines changed: 25 additions & 3 deletions
diff --git a/‎engine/api/services/cdn.go
Lines changed: 16 additions & 4 deletions b/‎engine/api/services/cdn.go
Lines changed: 16 additions & 4 deletions
diff --git a/‎engine/api/test/assets/assets.go
Lines changed: 3 additions & 2 deletions b/‎engine/api/test/assets/assets.go
Lines changed: 3 additions & 2 deletions
diff --git a/‎engine/api/workflow_queue.go
Lines changed: 1 addition & 1 deletion b/‎engine/api/workflow_queue.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎engine/api/workflow_queue_test.go
Lines changed: 5 additions & 3 deletions b/‎engine/api/workflow_queue_test.go
Lines changed: 5 additions & 3 deletions
diff --git a/‎engine/cdn/cdn.go
Lines changed: 4 additions & 4 deletions b/‎engine/cdn/cdn.go
Lines changed: 4 additions & 4 deletions
diff --git a/‎engine/cdn/types.go
Lines changed: 9 additions & 11 deletions b/‎engine/cdn/types.go
Lines changed: 9 additions & 11 deletions
@@ -64,10 +64,7 @@ type Configuration struct {
 		API string `toml:"api" default:"http://localhost:8081" json:"api"`
 		UI  string `toml:"ui" default:"http://localhost:8080" json:"ui"`
 	} `toml:"url" comment:"#####################\n CDS URLs Settings \n####################" json:"url"`
-	HTTP struct {
-		Addr string `toml:"addr" default:"" commented:"true" comment:"Listen HTTP address without port, example: 127.0.0.1" json:"addr"`
-		Port int    `toml:"port" default:"8081" json:"port"`
-	} `toml:"http" json:"http"`
+	HTTP    service.HTTPRouterConfiguration `toml:"http" json:"http"`
 	Secrets struct {
 		Key string `toml:"key" json:"-"`
 	} `toml:"secrets" json:"secrets"`
@@ -552,6 +549,7 @@ func (a *API) Serve(ctx context.Context) error {
 	a.Router = &Router{
 		Mux:        mux.NewRouter(),
 		Background: ctx,
+		Config:     a.Config.HTTP,
 	}
 	a.InitRouter()
 	if err := a.initWebsocket(event.DefaultPubSubKey); err != nil {
 
@@ -443,7 +443,7 @@ func (api *API) InitRouter() {
 	r.Handle("/template/{groupName}/{templateSlug}/usage", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateUsageHandler))
 
 	//Not Found handler
-	r.Mux.NotFoundHandler = http.HandlerFunc(NotFoundHandler)
+	r.Mux.NotFoundHandler = http.HandlerFunc(r.NotFoundHandler)
 
 	r.computeScopeDetails()
 }
@@ -33,14 +33,18 @@ func (api *API) ConfigVCShandler() service.Handler {
 
 func (api *API) ConfigCDNHandler() service.Handler {
 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
-		tcpURL, err := services.GetCDNPublicTCPAdress(ctx, api.mustDB())
+		tcpURL, tcpURLEnableTLS, err := services.GetCDNPublicTCPAdress(ctx, api.mustDB())
 		if err != nil {
 			return err
 		}
 		httpURL, err := services.GetCDNPublicHTTPAdress(ctx, api.mustDB())
 		if err != nil {
 			return err
 		}
-		return service.WriteJSON(w, sdk.CDNConfig{TCPURL: tcpURL, HTTPURL: httpURL}, http.StatusOK)
+		return service.WriteJSON(w,
+			sdk.CDNConfig{TCPURL: tcpURL,
+				TCPURLEnableTLS: tcpURLEnableTLS,
+				HTTPURL:         httpURL},
+			http.StatusOK)
 	}
 }
@@ -59,6 +59,7 @@ type Router struct {
 	nbPanic               int
 	lastPanic             *time.Time
 	scopeDetails          []sdk.AuthConsumerScopeDetail
+	Config                service.HTTPRouterConfiguration
 }
 
 // HandlerConfigFunc is a type used in the router configuration fonction "Handle"
@@ -224,7 +225,6 @@ func (r *Router) computeScopeDetails() {
 				Methods: methods,
 			})
 		}
-
 		details[i].Scope = scope
 		details[i].Endpoints = endpoints
 	}
@@ -340,13 +340,21 @@ func (r *Router) handle(uri string, scope HandlerScope, handlers ...*service.Han
 			telemetry.Path, req.URL.Path,
 			telemetry.Method, req.Method)
 
+		// Retrieve the client ip address from the header (X-Forwarded-For by default)
+		clientIP := req.Header.Get(r.Config.HeaderXForwardedFor)
+		if clientIP == "" {
+			// If the header has not been found, fallback on the remote adress from the http request
+			clientIP = req.RemoteAddr
+		}
+
 		// Prepare logging fields
 		ctx = context.WithValue(ctx, cdslog.Method, req.Method)
 		ctx = context.WithValue(ctx, cdslog.Route, cleanURL)
 		ctx = context.WithValue(ctx, cdslog.RequestURI, req.RequestURI)
 		ctx = context.WithValue(ctx, cdslog.Deprecated, rc.IsDeprecated)
 		ctx = context.WithValue(ctx, cdslog.Handler, rc.Name)
 		ctx = context.WithValue(ctx, cdslog.Action, rc.Name)
+		ctx = context.WithValue(ctx, cdslog.IPAddress, clientIP)
 
 		var fields = mux.Vars(req)
 		for k, v := range fields {
@@ -534,8 +542,22 @@ func MaintenanceAware() service.HandlerConfigParam {
 }
 
 // NotFoundHandler is called by default by Mux is any matching handler has been found
-func NotFoundHandler(w http.ResponseWriter, req *http.Request) {
-	service.WriteError(context.Background(), w, req, sdk.NewError(sdk.ErrNotFound, fmt.Errorf("%s not found", req.URL.Path)))
+func (r *Router) NotFoundHandler(w http.ResponseWriter, req *http.Request) {
+	ctx := req.Context()
+
+	// Retrieve the client ip address from the header (X-Forwarded-For by default)
+	clientIP := req.Header.Get(r.Config.HeaderXForwardedFor)
+	if clientIP == "" {
+		// If the header has not been found, fallback on the remote adress from the http request
+		clientIP = req.RemoteAddr
+	}
+
+	// Prepare logging fields
+	ctx = context.WithValue(ctx, cdslog.Method, req.Method)
+	ctx = context.WithValue(ctx, cdslog.RequestURI, req.RequestURI)
+	ctx = context.WithValue(ctx, cdslog.IPAddress, clientIP)
+
+	service.WriteError(ctx, w, req, sdk.NewError(sdk.ErrNotFound, fmt.Errorf("%s not found", req.URL.Path)))
 }
 
 // StatusPanic returns router status. If nbPanic > 30 -> Alert, if nbPanic > 0 -> Warn
 
@@ -8,17 +8,29 @@ import (
 	"github.com/ovh/cds/sdk"
 )
 
-func GetCDNPublicTCPAdress(ctx context.Context, db gorp.SqlExecutor) (string, error) {
+func GetCDNPublicTCPAdress(ctx context.Context, db gorp.SqlExecutor) (string, bool, error) {
 	srvs, err := LoadAllByType(ctx, db, sdk.TypeCDN)
 	if err != nil {
-		return "", err
+		return "", false, err
 	}
+
+	var tcp_addr string
+	var tcp_tls bool
+
+findAddr:
 	for _, svr := range srvs {
 		if addr, ok := svr.Config["public_tcp"]; ok {
-			return addr.(string), nil
+			tcp_addr = addr.(string)
+			if tls, ok := svr.Config["public_tcp_enable_tls"]; ok {
+				tcp_tls = tls.(bool)
+			}
+			break findAddr
 		}
 	}
-	return "", sdk.NewErrorFrom(sdk.ErrNotFound, "unable to find any tcp configuration in CDN Uservice")
+	if tcp_addr != "" {
+		return tcp_addr, tcp_tls, nil
+	}
+	return "", false, sdk.NewErrorFrom(sdk.ErrNotFound, "unable to find any tcp configuration in CDN Uservice")
 }
 
 func GetCDNPublicHTTPAdress(ctx context.Context, db gorp.SqlExecutor) (string, error) {
 
@@ -545,8 +545,9 @@ func InitCDNService(t *testing.T, db gorpmapper.SqlExecutorWithTx, scopes ...sdk
 			PublicKey:  publicKey,
 			ConsumerID: &hConsumer.ID,
 			Config: map[string]interface{}{
-				"public_tcp":  "cdn.net:4545",
-				"public_http": "http://cdn.net:8080",
+				"public_tcp":            "cdn.net:4545",
+				"public_http":           "http://cdn.net:8080",
+				"public_tcp_enable_tls": true,
 			},
 		},
 	}
 
@@ -111,7 +111,7 @@ func (api *API) postTakeWorkflowJobHandler() service.Handler {
 
 		// Get CDN TCP Addr
 		// Get CDN TCP Addr
-		pbji.GelfServiceAddr, err = services.GetCDNPublicTCPAdress(ctx, api.mustDB())
+		pbji.GelfServiceAddr, pbji.GelfServiceAddrEnableTLS, err = services.GetCDNPublicTCPAdress(ctx, api.mustDB())
 		if err != nil {
 			return err
 		}
 
@@ -6,9 +6,6 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"github.com/ovh/cds/engine/api/bootstrap"
-	"github.com/ovh/cds/engine/api/database/gorpmapping"
-	"github.com/ovh/cds/engine/featureflipping"
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
@@ -18,6 +15,10 @@ import (
 	"testing"
 	"time"
 
+	"github.com/ovh/cds/engine/api/bootstrap"
+	"github.com/ovh/cds/engine/api/database/gorpmapping"
+	"github.com/ovh/cds/engine/featureflipping"
+
 	"github.com/ovh/venom"
 
 	"github.com/rockbears/log"
@@ -484,6 +485,7 @@ func Test_postTakeWorkflowJobHandler(t *testing.T) {
 	require.NoError(t, json.Unmarshal(rec.Body.Bytes(), pbji))
 
 	assert.Equal(t, "cdn.net:4545", pbji.GelfServiceAddr)
+	assert.Equal(t, true, pbji.GelfServiceAddrEnableTLS)
 
 	run, err := workflow.LoadNodeJobRun(context.TODO(), api.mustDB(), api.Cache, ctx.job.ID)
 	require.NoError(t, err)
 
@@ -37,9 +37,6 @@ const (
 func New() *Service {
 	s := new(Service)
 	s.GoRoutines = sdk.NewGoRoutines()
-	s.Router = &api.Router{
-		Mux: mux.NewRouter(),
-	}
 
 	return s
 }
@@ -50,7 +47,10 @@ func (s *Service) Init(config interface{}) (cdsclient.ServiceConfig, error) {
 	if !ok {
 		return cfg, sdk.WithStack(fmt.Errorf("invalid CDN service configuration"))
 	}
-
+	s.Router = &api.Router{
+		Mux:    mux.NewRouter(),
+		Config: sConfig.HTTP,
+	}
 	cfg.Host = sConfig.API.HTTP.URL
 	cfg.Token = sConfig.API.Token
 	cfg.InsecureSkipVerifyTLS = sConfig.API.HTTP.Insecure
 
@@ -64,17 +64,15 @@ type Service struct {
 
 // Configuration is the hooks configuration structure
 type Configuration struct {
-	Name string        `toml:"name" default:"cds-cdn" comment:"Name of this CDS CDN Service\n Enter a name to enable this service" json:"name"`
-	TCP  sdk.TCPServer `toml:"tcp" comment:"######################\n CDS CDN TCP Configuration \n######################" json:"tcp"`
-	HTTP struct {
-		Addr string `toml:"addr" default:"" commented:"true" comment:"Listen address without port, example: 127.0.0.1" json:"addr"`
-		Port int    `toml:"port" default:"8089" json:"port"`
-	} `toml:"http" comment:"######################\n CDS CDN HTTP Configuration \n######################" json:"http"`
-	URL        string                                 `default:"http://localhost:8089" json:"url" comment:"Private URL for communication with API"`
-	PublicTCP  string                                 `toml:"publicTCP" default:"localhost:8090" comment:"Public address to access to CDN TCP server" json:"public_tcp"`
-	PublicHTTP string                                 `toml:"publicHTTP" default:"http://localhost:8089" comment:"Public address to access to CDN HTTP server" json:"public_http"`
-	Database   database.DBConfigurationWithEncryption `toml:"database" comment:"################################\n Postgresql Database settings \n###############################" json:"database"`
-	Cache      struct {
+	Name               string                                 `toml:"name" default:"cds-cdn" comment:"Name of this CDS CDN Service\n Enter a name to enable this service" json:"name"`
+	TCP                sdk.TCPServer                          `toml:"tcp" comment:"######################\n CDS CDN TCP Configuration \n######################" json:"tcp"`
+	HTTP               service.HTTPRouterConfiguration        `toml:"http" comment:"######################\n CDS CDN HTTP Configuration \n######################" json:"http"`
+	URL                string                                 `default:"http://localhost:8089" json:"url" comment:"Private URL for communication with API"`
+	PublicTCP          string                                 `toml:"publicTCP" default:"localhost:8090" comment:"Public address to access to CDN TCP server" json:"public_tcp"`
+	PublicTCPEnableTLS bool                                   `toml:"publicTCPEnableTLS" comment:"Enable TLS on public address to access to CDN TCP server" json:"public_tcp_enable_tls"`
+	PublicHTTP         string                                 `toml:"publicHTTP" default:"http://localhost:8089" comment:"Public address to access to CDN HTTP server" json:"public_http"`
+	Database           database.DBConfigurationWithEncryption `toml:"database" comment:"################################\n Postgresql Database settings \n###############################" json:"database"`
+	Cache              struct {
 		TTL     int   `toml:"ttl" default:"60" json:"ttl"`
 		LruSize int64 `toml:"lruSize" default:"134217728" json:"lruSize" comment:"Redis LRU cache for logs items in bytes (default: 128MB)"`
 		Redis   struct {
Original file line number	Diff line number	Diff line change
`@@ -443,7 +443,7 @@ func (api *API) InitRouter() {`
`443`	`443`	`r.Handle("/template/{groupName}/{templateSlug}/usage", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateUsageHandler))`
`444`	`444`
`445`	`445`	`//Not Found handler`
`446`		`- r.Mux.NotFoundHandler = http.HandlerFunc(NotFoundHandler)`
	`446`	`+ r.Mux.NotFoundHandler = http.HandlerFunc(r.NotFoundHandler)`
`447`	`447`
`448`	`448`	`r.computeScopeDetails()`
`449`	`449`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,14 +33,18 @@ func (api *API) ConfigVCShandler() service.Handler {`
`33`	`33`
`34`	`34`	`func (api *API) ConfigCDNHandler() service.Handler {`
`35`	`35`	`return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {`
`36`		`- tcpURL, err := services.GetCDNPublicTCPAdress(ctx, api.mustDB())`
	`36`	`+ tcpURL, tcpURLEnableTLS, err := services.GetCDNPublicTCPAdress(ctx, api.mustDB())`
`37`	`37`	`if err != nil {`
`38`	`38`	`return err`
`39`	`39`	`}`
`40`	`40`	`httpURL, err := services.GetCDNPublicHTTPAdress(ctx, api.mustDB())`
`41`	`41`	`if err != nil {`
`42`	`42`	`return err`
`43`	`43`	`}`
`44`		`- return service.WriteJSON(w, sdk.CDNConfig{TCPURL: tcpURL, HTTPURL: httpURL}, http.StatusOK)`
	`44`	`+ return service.WriteJSON(w,`
	`45`	`+ sdk.CDNConfig{TCPURL: tcpURL,`
	`46`	`+ TCPURLEnableTLS: tcpURLEnableTLS,`
	`47`	`+ HTTPURL: httpURL},`
	`48`	`+ http.StatusOK)`
`45`	`49`	`}`
`46`	`50`	`}`
Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ func (api *API) postTakeWorkflowJobHandler() service.Handler {`
`111`	`111`
`112`	`112`	`// Get CDN TCP Addr`
`113`	`113`	`// Get CDN TCP Addr`
`114`		`- pbji.GelfServiceAddr, err = services.GetCDNPublicTCPAdress(ctx, api.mustDB())`
	`114`	`+ pbji.GelfServiceAddr, pbji.GelfServiceAddrEnableTLS, err = services.GetCDNPublicTCPAdress(ctx, api.mustDB())`
`115`	`115`	`if err != nil {`
`116`	`116`	`return err`
`117`	`117`	`}`