projekte/edgeguard-native
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): Auto-Reload HAProxy bei Domain/Backend/Routing-Mutation

Browse Source 
Symmetrisch zur Firewall: Domains-, Backends- und RoutingRules-Handler
bekommen einen Reloader-Hook injiziert, der nach jeder Mutation
haproxy.cfg neu rendert + sudo systemctl reload haproxy fährt. Errors
werden nur geloggt, nicht failed (Row ist committed; manuelle
Re-Render via edgeguard-ctl render-config bleibt möglich).

Vorher: nur Firewall-Regeln waren auto-applied — Domain/Backend-
Änderungen sind in der DB gelandet, aber das laufende haproxy hat
sie nicht gesehen bis zum nächsten render-config oder API-Restart.

Version 1.0.8.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Debian
2026-05-10 18:23:18 +02:00
parent 237c4c7541
commit 3545b8422b
9 changed files with 86 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
internal/handlers/domains.go
View File

@@ -1,7 +1,9 @@
package handlers
import (
"context"
"errors"
"log/slog"
"strconv"
"github.com/gin-gonic/gin"
@@ -14,14 +16,30 @@ import (
)
type DomainsHandler struct {
Repo *domains.Repo
Routing *routingrules.Repo
Audit *audit.Repo
NodeID string
Repo *domains.Repo
Routing *routingrules.Repo
Audit *audit.Repo
NodeID string
// Reloader regenerates and applies the haproxy config. Symmetric
// to FirewallHandler.Reloader; called after every mutation so the
// running haproxy.cfg always matches the DB. Errors are logged
// but don't fail the API call (the row is committed and the
// operator can re-trigger via `edgeguard-ctl render-config`).
Reloader func(ctx context.Context) error
}
func NewDomainsHandler(repo *domains.Repo, routing *routingrules.Repo, a *audit.Repo, nodeID string) *DomainsHandler {
return &DomainsHandler{Repo: repo, Routing: routing, Audit: a, NodeID: nodeID}
func NewDomainsHandler(repo *domains.Repo, routing *routingrules.Repo, a *audit.Repo, nodeID string, reloader func(context.Context) error) *DomainsHandler {
return &DomainsHandler{Repo: repo, Routing: routing, Audit: a, NodeID: nodeID, Reloader: reloader}
}
func (h *DomainsHandler) reload(ctx context.Context, op string) {
if h.Reloader == nil {
return
}
if err := h.Reloader(ctx); err != nil {
slog.Warn("haproxy: reload after domain mutation failed", "op", op, "error", err)
}
}
func (h *DomainsHandler) Register(rg *gin.RouterGroup) {
@@ -72,7 +90,7 @@ func (h *DomainsHandler) Create(c *gin.Context) {
return
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.create", req.Name, out, h.NodeID)
response.Created(c, out)
response.Created(c, out); h.reload(c.Request.Context(), "create")
}
func (h *DomainsHandler) Update(c *gin.Context) {
@@ -95,7 +113,7 @@ func (h *DomainsHandler) Update(c *gin.Context) {
return
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.update", out.Name, out, h.NodeID)
response.OK(c, out)
response.OK(c, out); h.reload(c.Request.Context(), "update")
}
func (h *DomainsHandler) Delete(c *gin.Context) {
@@ -113,7 +131,7 @@ func (h *DomainsHandler) Delete(c *gin.Context) {
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.delete",
strconv.FormatInt(id, 10), gin.H{"id": id}, h.NodeID)
response.NoContent(c)
response.NoContent(c); h.reload(c.Request.Context(), "delete")
}
// ListRoutingRules narrows /routing-rules to one domain — UI uses this