Expand Client Auth Type configuration

2019-07-12 17:50:04 +02:00 · 2019-07-12 17:50:04 +02:00 · 2c7cfd1c68
commit 2c7cfd1c68
parent 7a4b4c941c
31 changed files with 304 additions and 151 deletions
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
@ -19,22 +19,22 @@ type TLSOption struct {

 // TLSOptionSpec configures TLS for an entry point
 type TLSOptionSpec struct {
-	MinVersion   string   `json:"minversion"`
-	CipherSuites []string `json:"ciphersuites"`
-	ClientCA     ClientCA `json:"clientca"`
-	SniStrict    bool     `json:"snistrict"`
+	MinVersion   string     `json:"minVersion,omitempty"`
+	CipherSuites []string   `json:"cipherSuites,omitempty"`
+	ClientAuth   ClientAuth `json:"clientAuth,omitempty"`
+	SniStrict    bool       `json:"sniStrict,omitempty"`
 }

 // +k8s:deepcopy-gen=true

-// ClientCA defines traefik CA files for an entryPoint
-// and it indicates if they are mandatory or have just to be analyzed if provided
-type ClientCA struct {
+// ClientAuth defines the parameters of the client authentication part of the TLS connection, if any.
+type ClientAuth struct {
 	// SecretName is the name of the referenced Kubernetes Secret to specify the
 	// certificate details.
-	SecretNames []string `json:"secretnames"`
-	// Optional indicates if ClientCA are mandatory or have just to be analyzed if provided
-	Optional bool `json:"optional"`
+	SecretNames []string `json:"secretNames"`
+	// ClientAuthType defines the client authentication type to apply.
+	// The available values are: "NoClientCert", "RequestClientCert", "VerifyClientCertIfGiven" and "RequireAndVerifyClientCert".
+	ClientAuthType string `json:"clientAuthType"`
 }

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object